Sorry, this file type is not permitted for security reasons.

When attempting to upload custom font files (eg. .woff) you may encounter a security error in WordPress:

"font.woff" has failed to upload. Sorry, this file type is not permitted for security reasons.

This is set at the host level, but can over over-ridden with WordPress filters.

Warning

Custom fonts often aren't developed with CLS in mind, and additional effort may be needed to match the line-height, letter-spacing and font-size with the font being swapped.

This is highly technical and not something we offer support for.

Solution

Temporarily create a code snippet with the following:

add_filter( 'wp_check_filetype_and_ext', 'wpse_file_and_ext_woff', 10, 4 );
function wpse_file_and_ext_woff( $types, $file, $filename, $mimes ) {
    if ( false !== strpos( $filename, '.woff' ) ) {
        $types['ext'] = 'woff';
        $types['type'] = 'font/woff';
    }

    return $types;
}

function my_custom_mime_types( $mimes ) { 
// Add new MIME types here
$mimes['woff']  = 'font/woff|application/font-woff|application/x-font-woff|application/octet-stream';
return $mimes;
}
add_filter( 'upload_mimes', 'my_custom_mime_types' );

Source

• https://wordpress.stackexchange.com/questions/338624/upload-mimes-filter-not-working-need-to-allow-woff-and-woff2
• https://wordpress.stackexchange.com/questions/323221/allowing-webp-uploads/323226#323226