Incorrect MIME type detection triggering “Sorry, This File Type Is Not Permitted For Security Reasons” error in WordPress

Previously I posted about how to make WordPress permit additional file types to be uploaded. (My approach still works as of this writing.) Recently however I discovered some files that *should* be allowed via this method were still triggering “Sorry, This File Type Is Not Permitted For Security Reasons” errors anyway. After 3 hours of digging through WP core code to find the problem, it turns out to be a deficiency in the way PHP itself detects MIME types. I present my solution to you here, in case you find yourself in the same situation.


How to remove WordPress’ “PHP Update Required” nag box

WordPress recently introduced a scary “PHP Update Required” nag box on your WP dashboard. “Your site is running on an insecure version of PHP” they say. Isn’t that lovely? Well, no WordPress, just because my PHP version is “old” does not make it “insecure”. Fuck you.

Fortunately it’s easy to remove. Just add the following to your functions.php:


[DEVELOPING] Possible Email DDOS attack exploiting MailPoet (WordPress plugin)

This is a developing issue happening right now, please check back on this page for any updates over the following days.

Last updated 2018-03-29

Starting around March 25, 2018, I started seeing an unusual amount of bounces from my email server. The emails bouncing were the double-opt-in “please confirm your subscription” messages automatically generated by the WordPress plugin MailPoet. This happens from time to time if, for example, somebody accidentally mis-types their email address. But now, suddenly they were coming in repeatedly for the same handful of addresses, including ones like support@linode.com and abuse@linode.com. So out of curiosity I headed over to the Linode Status page, and saw this:


Fix “Sorry, This File Type Is Not Permitted For Security Reasons” Error in WordPress

So you’re trying to upload an otherwise harmless file into WordPress, and you keep getting a “Sorry, This File Type Is Not Permitted For Security Reasons” error.  Sure you could just upload the file via FTP, but it wouldn’t be attached to anything in the WP database.  Now what do you do?

There are probably many ways to solve this, but here is the approach that worked best for my particular use case.  I’ll share it here in case it helps someone else too.
