WordPress 4.9.9 File Type Not Permitted Workaround

WordPress 4.9.9 as well as 5.0.1 and ALL the “security patch releases” back to 3.7 now have a new CSV file management bug.   Any CSV file that is uploaded is rejected by WordPress due to a security violation.   

The Quick Fix

Add this to your wp-config.php file:

define(‘ALLOW_UNFILTERED_UPLOADS’, true);

Yes, this will effectively disable all those cool new “security features” in the latest release of WordPress but it also will get your CSV imports working again.   Just remember to take this out when WordPress 4.9.10 (or 5.0.2) comes out — assuming they deem this new “security feature” a bug and patch it accordingly.

File Type Is Not Permitted – WordPress 4.9.9 and 5.0.1

file type is not permitted

Recently updated to WordPress 4.9.9 or 5.0.1 and your CSV file imports for Store Locator Plus® stopped working? It is now fairly common to see a “file type is not permitted” error when uploading files. You can thank yet another “WordPress security feature” — also known as “backwards compatibility break”.  This “update” came with absolutely no warning to plugin developers.

WordPress 4.9.9 and 5.0.1 break Store Locator Plus® Imports and thousands of other plugins.

This does not affect our Store Locator Plus® SaaS users thanks to our fully managed software stack, so they can rest easy and continue to import locations.

Protecting Google API Keys

protecting google api keys

For those of you in the self-service Store Locator Plus® WordPress plugins camp you are going to want to spend time protecting your Google API Keys.    For those using our Store Locator Plus® managed SaaS service, this is yet another article you can skip.

The basic configuration of Google API Keys tells you to turn off ALL restrictions on the first API key you setup with Google.    Turns out a lot of people have issues with configuring the keys properly and getting them put in the right place. 

To make matters more complicated, some lower-end web hosting companies don’t understand security and in turn shut off critical web services that do nothing to improve security; Like disabling all communication between the web server and Google.  That breaks things like the ability to Geocode locations in Store Locator Plus®.

This article is here to tell our WordPress plugin users how to properly secure their Google API keys for web hosts are configured properly.