If you work with WordPress long enough, you will upload a file that is not in WordPress’ default list of allowed file types. The file will upload, vanish suddenly, and you’ll be informed:
“Sorry, this file type is not permitted for security reasons.”
Then you’ll search Google for something like “wordpress file type not permitted for security reasons” and see several blog entries from WordPress “experts” urging you to copy and paste a code snippet that leverages the upload_mimes filter into your theme’s functions.php file.
Too bad that’s poor advice.
(To be fair, it’s not their fault. They’re just repeating what the WordPress Codex said one should do.)
Here’s the problem: although the part about the upload_mimes filter is correct, functions.php is specifically limited and tied to your current theme. If you add the upload_mimes filter script to functions.php in January, and then switch to a different theme in April, the customization you made will be lost– and you’ll need to repeat the entire process again.
Now, I’m almost 50 years old. I don’t have time to waste copying and pasting between different functions.php files every time I change a theme.
Here’s what I do:
I install and activate Shea Bunge’s Code Snippets plugin and add the upload_mimes filter code into my site as a snippet. I activate and test that code snippet, and as long as that plugin remains active, I can change themes all day long without worrying about suddenly being unable to load my .PGN (Portable Game Notation) files.
Remember, the only time to put code in functions.php is when you want to modify the current theme’s behavior– not the entire site.