Reduced by 1% when order is placed
Hurry up to get the best offer!
*See current discount amount on the site
Rating 4.5 stars - 2 votes

Fix WooCommerce Import Error “Sorry, this file type is not permitted for security reasons”

When you try to upload a CSV file via WooCommerce import/export tool and receive this kind of an error “Sorry, this file type is not permitted for security reasons” it feels confusing. If the importer itself offers to upload CSV why then it says that the file type is not allowed?

There are several reasons why this error may occur. In this article, we will review each reason in detail and offer you proven solutions. Let’s get started!

Possible reason #1 – an issue in the earlier versions of WordPress

In 2018, WordPress introduced more strict file type checking (MIME type checking) in one of their releases.

MIME type checking is aimed at identifying malicious content which can affect the website by pretending to be a safe type of a document when in fact it isn’t.

After that update, CSV was mistakenly treated as an unknown content type and therefore couldn’t be uploaded. The fix was added in WordPress 5.0.3 in 2019. Users who haven’t updated to the latest version can still receive this error:

WooCommerce sorry this fyle type is not allowed for security reasons error
An error message "Sorry this fyle type is not allowed for security reasons" you can get during WooCommerce CSV import

As the issue was fixed in the upcoming releases, the best solution would be to update to the latest WordPress version. If, for some reason, you don’t want to update to the latest stable version of WordPress, you can use the suggested solutions described below.

How to fix WooCommerce CSV import “Sorry, this file type is not permitted for security reasons” error

The WordPress community offers a number of solutions to resolve or overcome this WooCommerce CSV import error. Here are some of the workarounds that were tested by us and proved to work.

On some forums, we’ve also met a suggestion to change file extension from .csv to .txt but it didn’t work for us. So we won’t recommend it in this article.

Use the Disable Mime Check Plugin

To disable MIME type checking, you can install the Disable Real Mime Check plugin. Activate the plugin and import your CSV file via the import/export tool.

WooCommerce disable MIME check plugin
Use a WooCommerce disable MIME check plugin as a workaround to the issue

Upload and import a CSV file from FTP

With this method you use the native functionality of WooCommerce and don’t need to install any plugins. If you have access to the FTP of your website, upload the file there and import it using WooCommerce import/export default tool.

In our case, we accessed the server of our test website via FileZilla, opened the root directory, and created an “Import” folder there. Then dragged a CSV file to the folder.

After that, in the store admin we went to Products > Import Products > Show Advanced Options:

WooCommerce import CSV advanced options
Click the Show advanced options link to specify the path to the CSV file on FTP

There we specified the path to the CSV file on FTP.

Note: Folder name on the FTP is case sensitive. So you should specify the same name in the FTP path. The field where you should enter the path to the file already displays the path to the root category. So you should only add Folder name/File name:

WooCommerce import CSV from FTP
Enter the path to the FTP to import a CSV file to WooCommerce

After clicking “Continue” we were led to the “Column Mapping” step that meant that CSV file was allowed for import.

Add the ALLOW_UNFILTERED_UPLOADS constant to the wp-config.php file

As it was mentioned above, WordPress filters the types of files which can be uploaded to prevent the upload of malicious content. To overcome the error and upload a CSV file which is mistakenly treated as disallowed you can disable the filter.

  1. Open the wp-config.php file
  2. Add the following code:


WooCommerce allow unfiltered uploads
Add a line of code in the WooCommerce wp-config file to allow unfiltered uploads

Disable MIME Type Checking by adding a snippet in the php file

The error may be caused by WooCommerce not finding the file in the path it should be found normally. You can disable the file path checking by adding the following snippet to the functions.php file:

add_filter( 'woocommerce_product_csv_importer_check_import_file_path', '__return_false' );

Possible reason 2 – permission error when importing HTML

The error “Sorry, this file type is not permitted for security reasons” may also occur if the import file contains HTML tags. On some servers, this file type can be mis-detected by WordPress. A possible solution offered in the official WooCommerce Product CSV Importer and Exporter documentation is to add this line of code to your wp-config.php file:


Note: Note: We advise that you should edit the files / code only if you are sure in your actions. Otherwise, contact your developer. A mistake in the code may lead to the crush of your website.

Using Store Manager for WooCommerce to Import CSV files Flawlessly

A Product Import Wizard within Store Manager for WooCommerce will help you to overcome the “Sorry, this file type is not permitted for security reasons” issue without disabling the MIME check.

We’ve tried to import a CSV file using Store Manager for WooCommerce application. As you can see, the CSV file was accepted, and the import proceeded to the mapping step:

WooCommerce Errorless Import Tool
WooCommerce Errorless Import Tool

If you are not familiar with Store Manager for WooCommerce yet here is a short intro:

  • It is a desktop application that allows managing your store via a user-friendly interface. Unlike many plugins, it helps not with one certain task, but literally hundreds of everyday tasks.
  • With Store Manager, you can perform one-time and scheduled import/export of WooCommerce products and product variations, customers, categories, mass updates of prices, sale price active dates, stock, backorders, images and other product data, database backup and restore and other tools.

  • Store Manager offers built-in addons for the integration with Amazon, eBay, ICEcat, QuickBooks.

  • You can manage multiple WooCommerce stores within a single interface.

  • You can manage your store locally and post the changes to the live store when you are ready!

We hope this article will help you to overcome the “Sorry, this file type is not permitted for security reasons” issuing WooCommerce and you will run your import successfully.

Use Store Manager for a hassle-free WooCommerce CSV import!

Trt FREE now!

Related Articles:
Card image
Delete WooCommerce Products Without Import

Delete WooCommerce Products by Stock, Name, Date Modified, etc. Without Import Read More...

Card image
Import WooCommerce Products Preserving IDs

Import products to a new instance of WooCommerce preserving product IDs. Read More...

Card image
Merge Product Brand Name and Title Upon Import

How to add a brand name to a product title in WooCommerce via import. Read More...

Card image
How to Delete WooCommerce Products via Import

Mark products as drafts and delete them after import.

D • 03/21/2021

thank you

Soapseller • 04/30/2021

I resolved my issue by ftp-upload and it was easy.

pempho • 08/31/2021

Thank you. worked for me

M • 09/02/2021

resolved with this define( 'ALLOW_UNFILTERED_UPLOADS', true ); thanks

Jeromy Adofo
Jeromy Adofo • 04/23/2022

Solved using the upload method (I uploaded via the website cPanel interface).

Cornel Raiu
Cornel Raiu • 11/17/2022

It can also be solved by applying a filter on the `map_meta_cap` to only allow CSV upload for certain users and only on that particular request. That one doesn't need to enable `ALLOW_UNFILTERED_UPLOADS` globally or use any plugin 🙂