File not Allowed Error of WordPress File Upload Plugin

This article explains how to resolve “Upload Failed! File not allowed.” error when uploading files with WordPress File Upload plugin.

This error means that the file was rejected because either its extension or its filename were not allowed. Here is a list of actions to resolve this problem:

  1. Check file extension. The first thing to do is to check the file extension by following the instructions in Allowed File Types of WordPress File Upload Plugin article.
  2. Check filename. If everything is Ok with the file extension but the error still persists for some files, then the next thing to do is check the filename. Files containing more than one dot (.) in their filename (e.g. myfile.1.jpg) are by default not allowed, in order to protect the website from threats related to double extensions. This behavior is controlled by variable Wildcard Asterisk Mode, located in Advanced tab in the plugin’s area in Dashboard. To disable the dot restriction, set it to loose.

Please note that WordPress File Upload applies a strict policy regarding filenames and types of uploaded files. This is part of the overall security measures, adopted by the plugin, to protect against hacking attempts. You can read a detailed description about WordPress File Upload Security in this article.

For any questions, or further assistance please contact us.

The Iptanus team


16 thoughts on “File not Allowed Error of WordPress File Upload Plugin”

  1. Hi, is this Advanced tab only available in the Pro Version? Currently I have Free 4.0.1 version installed and can’t find it.

  2. Hi there

    I would like to purchase the pro version but i have some problem using the free version:

    1. i want to upload .stl and .obj file, but your plugin have forbidden due to security issue, please advise.

    2. I setup my upload path as “uploads/users/%username%” and enabled “Create Upload Path”, however when i test try to upload a .doc file, the file goes to /uplaods/2017/10. Please advise.

    3. Continuing from question 2, after i successfully uploaded the .doc file, no successfully message pop-up.

    4. I added drop down in the “additional fields”, so after my visitors successfully uploaded their files, where does the “additional fields” information be shown?

    5. I have chosen upload roles as all users except guest. When i surf my web as a guest, there is no upload area be showing on the page. Can the plugin be adjusted to give notice to the visitors to sign in instead of hiding the upload area?


  3. I’m having the same problem with adding .stl & .obj extensions.

    I’ve tried the “WP Extra File Types” plugin using mime type “application/object” AND
    I added the following code to the theme’s functions.php:

    add_filter(‘post_class’, ‘tt_hidetitle_class’);
    function my_myme_types( $mime_types ) {
    $mime_types[‘stl’] = ‘application/object’;
    $mime_types[‘obj’] = ‘application/object’;
    return $mime_types;
    add_filter( ‘upload_mimes’, ‘my_myme_types’, 1, 1 );

    This allowed me to upload *stl files to the media library but NOT using your plugin.

    Thankyou for any advice!

    1. Hi, the plugin has its own multiple mechanisms of protecting the website from hacker attacks. One of them is to forbid, by default, certain extensions which may contain executable code. Stl and obj are included in these blacklisted extensions. You can read more it here.

      You can still enable these extensions by doing the following:

      1. Add the following lines in functions.php file of your theme:

      global $wfu_extension_blacklist;
      if ( isset($wfu_extension_blacklist[“stl”]) ) unset($wfu_extension_blacklist[“stl”]);
      if ( isset($wfu_extension_blacklist[“obj”]) ) unset($wfu_extension_blacklist[“obj”]);

      2. Set Allowed File Extensions in the shortcode like this: *.*, *.stl, *.obj



  4. hi,
    at this page
    i use with free version of plugin:

    [wordpress_file_upload uploadpath=”../uploads/meetings” uploadpatterns=”*.pdf,*.txt,*.rtf” adminmessages=”true”]
    This is in a Shortcode block of Gutenberg editor.

    I experience two problems:

    1. .txt and .rtf files get rejected with message (example):

    File agenda.rtf not uploaded
    Upload failed!
    File not allowed.

    However .pdf files are uploaded successfully.
    I have checked (as you describe above) that .txt and .rtf are allowed. My filenames are not unusual e.g. agenda.rtf .

    2. An uploaded .pdf file appears in ../uploads , not ../uploads/meetings as I specified.
    Both these directories have permissions 755 on the target location.

    I would be grateful for any hints to allow .txt .rtf and to allow the target subdirectory.

    1. Hi, you have set (..) in uploadpath. This means that files will be uploaded in folder /uploads/meetings, relative the root of your website and not inside /wp-content folder.

      I do not see a reason why txt and rtf files are rejected. Do they contain any dot characters (.) in their filename? If not, try to simplify the shortcode by removing uploadpatterns attribute. Do they still fail?



  5. 1. I’m using OceanWP theme. I’ve added below to the very bottom of the functions.php file in the theme folder.

    global $wfu_extension_blacklist;
    if ( isset($wfu_extension_blacklist[“stl”]) ) unset($wfu_extension_blacklist[“stl”]);

    2. I’ve set Allowed File Extensions to: *.*, *.slc, *.stl

    I’m able to upload .jpg and .slc files, but not .stl file. There is only one . in the filename.

    I can’t figure out what the problem is. Can you please help?

    Also, how can I make “multiple line text field” much bigger?

    Thanks a lot!!

    1. Hi, by default the plugin is configured to reject files containing dots in the filename, in order to avoid double extensions. In order to change this behaviour, add the following line in functions.php:


      Regarding the field size, I need to see the page. Please send me an email at



  6. Hi Nickolas,

    I am suddenly getting the File Not Allowed error for all file formats. Have removed all formats from the Allowed File Extensions, but still getting the error: File not allowed. It was working fine till 2 days ago. Any idea what could be the issue?


    1. You have set Allowed File Extensions to be empty. You need to restore the default value *.* or set a more specific list of allowed extensions.



  7. Never mind on my previous question. I figured it out. Needed to set “WFU_SANITIZE_FILENAME_DOTS” = “false” in my functions.php. Working as planned now.


Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.