WordPress 3.6.1: How To Upload swf Files

by Doug Sparling

If you have tried to upload a swf (or exe) file and gotten an error message something like this:

“filename.swf” has failed to upload due to an error
Sorry, this file type is not permitted for security reasons.

That’s because WordPress 3.6.1 has added some new security restrictions in regards to file uploads (http://codex.wordpress.org/Version_3.6.1)

Additional security hardening:

Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

And while it’s best to take these security changes seriously, in come cases you may need to upload a swf file (or an exe, but I’d never see a need to do that). So if you’d like to allow uploading of a swf file via the Media Manager in WordPress 3.6.1, just add this code to your theme’s functions.php file:

function add_upload_mime_types( $mimes ) {
    if ( function_exists( 'current_user_can' ) )
        $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
    if ( !empty( $unfiltered ) ) {
        $mimes['swf'] = 'application/x-shockwave-flash';
    return $mimes;
add_filter( 'upload_mimes', 'add_upload_mime_types' );