Fix WooCommerce Import Error “Sorry, this file type is not permitted for security reasons”
When you try to upload a CSV file via WooCommerce import/export tool and receive this kind of an error “Sorry, this file type is not permitted for security reasons” it feels confusing. If the importer itself offers to upload CSV why then it says that the file type is not allowed?
There are several reasons why this error may occur. In this article, we will review each reason in detail and offer you proven solutions. Let’s get started!
Possible reason #1 – an issue in the earlier versions of WordPress
In 2018, WordPress introduced more strict file type checking (MIME type checking) in one of their releases.
MIME type checking is aimed at identifying malicious content which can affect the website by pretending to be a safe type of a document when in fact it isn’t.
After that update, CSV was mistakenly treated as an unknown content type and therefore couldn’t be uploaded. The fix was added in WordPress 5.0.3 in 2019. Users who haven’t updated to the latest version can still receive this error:

As the issue was fixed in the upcoming releases, the best solution would be to update to the latest WordPress version. If, for some reason, you don’t want to update to the latest stable version of WordPress, you can use the suggested solutions described below.
How to fix WooCommerce CSV import “Sorry, this file type is not permitted for security reasons” error
The WordPress community offers a number of solutions to resolve or overcome this WooCommerce CSV import error. Here are some of the workarounds that were tested by us and proved to work.
On some forums, we’ve also met a suggestion to change file extension from .csv to .txt but it didn’t work for us. So we won’t recommend it in this article.
Use the Disable Mime Check Plugin
To disable MIME type checking, you can install the Disable Real Mime Check plugin. Activate the plugin and import your CSV file via the import/export tool.

Upload and import a CSV file from FTP
With this method you use the native functionality of WooCommerce and don’t need to install any plugins. If you have access to the FTP of your website, upload the file there and import it using WooCommerce import/export default tool.
In our case, we accessed the server of our test website via FileZilla, opened the root directory, and created an “Import” folder there. Then dragged a CSV file to the folder.
After that, in the store admin we went to Products > Import Products > Show Advanced Options:

There we specified the path to the CSV file on FTP.

After clicking “Continue” we were led to the “Column Mapping” step that meant that CSV file was allowed for import.
Add the ALLOW_UNFILTERED_UPLOADS constant to the wp-config.php file
As it was mentioned above, WordPress filters the types of files which can be uploaded to prevent the upload of malicious content. To overcome the error and upload a CSV file which is mistakenly treated as disallowed you can disable the filter.
- Open the wp-config.php file
- Add the following code:
define('ALLOW_UNFILTERED_UPLOADS', true);

Disable MIME Type Checking by adding a snippet in the php file
The error may be caused by WooCommerce not finding the file in the path it should be found normally. You can disable the file path checking by adding the following snippet to the functions.php file:
add_filter( 'woocommerce_product_csv_importer_check_import_file_path', '__return_false' );
Possible reason 2 – permission error when importing HTML
The error “Sorry, this file type is not permitted for security reasons” may also occur if the import file contains HTML tags. On some servers, this file type can be mis-detected by WordPress. A possible solution offered in the official WooCommerce Product CSV Importer and Exporter documentation is to add this line of code to your wp-config.php file:
define( 'ALLOW_UNFILTERED_UPLOADS', true );
Using Store Manager for WooCommerce to Import CSV files Flawlessly
A Product Import Wizard within Store Manager for WooCommerce will help you to overcome the “Sorry, this file type is not permitted for security reasons” issue without disabling the MIME check.
We’ve tried to import a CSV file using Store Manager for WooCommerce application. As you can see, the CSV file was accepted, and the import proceeded to the mapping step:

If you are not familiar with Store Manager for WooCommerce yet here is a short intro:
- It is a desktop application that allows managing your store via a user-friendly interface. Unlike many plugins, it helps not with one certain task, but literally hundreds of everyday tasks.
- Store Manager offers built-in addons for the integration with Amazon, eBay, ICEcat, QuickBooks.
- You can manage multiple WooCommerce stores within a single interface.
- You can manage your store locally and post the changes to the live store when you are ready!
With Store Manager, you can perform one-time and scheduled import/export of WooCommerce products and product variations, customers, categories, mass updates of prices, sale price active dates, stock, backorders, images and other product data, database backup and restore and other tools.
We hope this article will help you to overcome the “Sorry, this file type is not permitted for security reasons” issuing WooCommerce and you will run your import successfully.
Use Store Manager for a hassle-free WooCommerce CSV import!
Trt FREE now!Related Articles:

Delete WooCommerce Products Without Import
Delete WooCommerce Products by Stock, Name, Date Modified, etc. Without Import Read More...

Import WooCommerce Products Preserving IDs
Import products to a new instance of WooCommerce preserving product IDs. Read More...

Merge Product Brand Name and Title Upon Import
How to add a brand name to a product title in WooCommerce via import. Read More...

How to Delete WooCommerce Products via Import
Mark products as drafts and delete them after import.Read More...
thank you
I resolved my issue by ftp-upload and it was easy.
Thank you. worked for me
resolved with this define( 'ALLOW_UNFILTERED_UPLOADS', true );
thanks
Solved using the upload method (I uploaded via the website cPanel interface).
It can also be solved by applying a filter on the `map_meta_cap` to only allow CSV upload for certain users and only on that particular request. That one doesn't need to enable `ALLOW_UNFILTERED_UPLOADS` globally or use any plugin 🙂