Support » Plugin: WooCommerce » WP 5.0.1 breaks WooCommerce csv import?

  • Resolved csilvasuperiortext


    Yesterday I began importing a list of product csv’s to WooCommerce and everything was going fine. Today when I got in, I updated to WordPress 5.0.1 and now the importer does not work and gives and error of:
    “Sorry, this file type is not permitted for security reasons.”
    Is this a known bug with WordPress 5.0.1 and WooCommerce 3.5.2? Anyone know of a solution? Need to get these products imported!

Viewing 15 replies - 1 through 15 (of 37 total)
  • emilygonsalves


    I am also having this issue. With a CSV file that had the same settings as I normally do and the only change is the latest WordPress update.

    I tried figuring out a MIME type fix, but it didn’t work.



    Put this in wp_config.php:

    define(‘ALLOW_UNFILTERED_UPLOADS’, true);



    Well, I’m glad that I’m not the only one, at least.
    @seank123, I don’t necessarily want to modify my wp_config file. That solution may work, but I’d be more comfortable with a stock solution that doesn’t involve me having to modify core files to get basic functionality.

    Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Plugin Review Team Rep

    I strongly disrecommend allowing unfiltered uploads, as that means ALL USERS who can upload files can upload ANY files.

    This is a major security risk, and not one I would recommend.

    I believe this issue is caused by this change:

    MIME validation for uploaded files

    Prior to 5.0.1, WordPress did not require uploaded files to pass MIME type verification, so files could be uploaded even if the contents didn’t match the file extension. For example, a binary file could be uploaded with a .jpg extension.

    This is no longer the case, and the content of uploaded files must now match their extension. Most valid files should be unaffected, but there may be cases when a file needs to be renamed to its correct extension (e.g., an OpenOffice doc going from .pptx to .ppxs).

    It’s possible the CSV isn’t actually saved properly as a CSV.



    @ipstenu Thanks for that information. This is definitely a CSV file created and exported from Excel as a CSV file type and using the CSV extension. Do you have any other suggestions as to what might be causing this issue?

    EDIT: I even just did a test where I did WooCommerce>Export product csv and took that (again, direct from WooCommerce) and tried to import it and got the same error.

    Plugin Support dougaitken


    Automattic Happiness Engineer

    Hi all,

    We are tracking this issue on GitHub –

    Please see that thread for full details. There is a patch open on Core Trac to hopefully fix this.




    @dougaitken Excellent will have a look at that!

    Plugin Support ryanr14


    Hi all,

    If you’ve not seen the GitHub thread on this issue then there are a couple of current workarounds.

    1 – Try using a plugin called Disable Real Mime Check.

    2 – Rename your CSV file from foo.csv to foo.txt, and everything should continue working.

    1 – Try using a plugin called Disable Real Mime Check.

    This worked for me. Thanks Ryan!

    @cordz or those who’ve made this work. What version of WP is needed and is a closing PHP ?> needed if making a mu-plugin? Please advise.

    I’m not sure why this isn’t helping (the interim solution).

    Also, any news RE the official release/patch/update?

    Plugin Support ryanr14


    Hi @linuxhombr3,

    At the moment I wouldn’t recommend using one of the previous versions of WordPress where the CSV import worked fine. I say that as the updates fixed some bigger, and now known to bad actors, security holes.

    There is a patch for this issue coming to either WordPress 5.0.2 or 5.0.3, and I believe that if the patch is pushed to WordPress 5.0.3 that we’ll also put out a fix in WooCommerce 3.5.3. I could be wrong on that, but do follow along with the thread on this issue via GitHub.

    Did none of the mentioned solutions work for you?

    None of the above worked without having to first compromise security :*(

    I’m following the GIT post but not seeing anything that can assist in the interim of the release/patch from WP.

    Could you assist, @ryanr14

    Plugin Support ryanr14


    Hi @linuxhombr3,

    Had you tried to rename your CSV file? You should be able to change the file extension from foo.csv to foo.txt and that will upload/import.

    Also, if you can upload the CSV file via FTP or another file manager to your server you can use the advanced options to tell the product importer to grab it from the server. That should work as well in sidestepping the import issue with WordPress at the moment.

    E.G. – Products -> Import -> “Show advanced options” -> set the path to your .csv file (e.g. ‘wp-content/uploads/your-new-products.csv’) -> Press Continue.

    Same issue, when i rename to .txt, the file won’t map correctly from what it looks like in the import screen.

    Hi @ryanr14

    Thanks for your efforts here.

    Test A)
    I just tried to rename to text file and it didn’t work.

    Test B
    Put the CSV (and TXT respectively) on the server directly, referencing the path directly, still unfortunately to no avail.
    – here is a screenshot showing that this is, as WordPress/WooCommerce have indicated, is an unexpected WP CORE issue. You can see that the fields, regardless of what way we insert the file, refuse to be mapped:

    Any input is very greatly appreciated as we are trying to avoid enabling the MIME filetype checker. That will have to be my next test, however.


Viewing 15 replies - 1 through 15 (of 37 total)
  • The topic ‘WP 5.0.1 breaks WooCommerce csv import?’ is closed to new replies.