“Sorry, this file type is not permitted for security reasons.”
Even after adding the standard upload_mimes filter, some SVG files still trigger “Sorry, this file type is not permitted for security reasons.” In most cases, a missing XML declaration at the top of the SVG file is what causes the server-side MIME check to fail.
Problem: WordPress is blocking SVG uploads, even after you've tried to allow them.
Solution: We covered the standard fix in an earlier post. If you've followed all those steps and still see "Sorry, this file type is not permitted for security reasons.", there's one more thing to try. Open the SVG file in any text editor and add the following XML declaration at the very top:
<?xml version="1.0" encoding="utf-8"?>Save the file and try uploading again. That should do it.
NOTE: If the XML declaration still doesn’t fix it, open the SVG in a text editor and check that the file encoding is UTF-8 without BOM. Some tools save SVGs with a byte order mark at the start of the file, which can confuse server-side MIME detection and cause the upload to fail even with the correct upload_mimes filter in place.