One of our clients needed to upload files via their admin, and kept getting the following error message: “File type does not meet security guidelines. Try another.”

This was something new to us, and after doing some research we discovered that WordPress only allows users to upload certain types of files, and any files that are not part of that list cannot be uploaded through the admin. Here’s the list of accepted WordPress files types.

It turns out that the list of accepted file types is found in wp-includes/functions.php. Since we don’t want to modify WordPress core files, we need a solution like a plugin in order to get around this limitation.

Chris Meller has a solution that involves adding some code to your functions.php file in your theme directory. He also explains how to remove file types from the list of allowed files types.

For more info on how to do this, see this post on his blog: Modifying Allowed Upload Types in WordPress.

Thanks to Mark Kaplun for helping us find this solution.