Via the Site Identity settings in the Customizer, I can’t upload a favicon image.
Site Identity != favicon image. It’s used for favicons and resized down but it’s also used in lots of other locations.
E.g. it can appear in:
- the theme header as the logo
- smartphone homescreens
- twitter and FB previews
So uploading a tiny image can be harmful, this is why the site identity has a minimum size recommendation. .ico
files do not work in those places.
I get the error message ‘Sorry, you are not allowed to upload this file type.’
Yes and no, WP does indeed support uploading of .ico
files:
return apply_filters(
'mime_types',
array(
// Image formats.
'jpg|jpeg|jpe' => 'image/jpeg',
'gif' => 'image/gif',
'png' => 'image/png',
'bmp' => 'image/bmp',
'tiff|tif' => 'image/tiff',
'webp' => 'image/webp',
'ico' => 'image/x-icon',
'heic' => 'image/heic',
If you cannot then this means one of two things:
- a plugin or filter is removing support
- the
.ico
file is not actually a.ico
file and has the.ico
extension but is actually a different format, soimage/x-icon
doesn’t amtch - the host is passing the file with the incorrect mime type
Eitherway you should be using PNG instead as it has wider support, fewer issues, and allows for higher resolutions, bit depths, and quality than .ico
files.
The only benefit .ico
has is that it has wider support on very old browsers.
But if I just copy the favicon to my root directory via my Cpanel File Manager it works fine.
If no HTML tag tells the browser where to find the image for favicons, it requests /favicon.ico
from the server as a fallback. Since you did not set a site identity image, WP doesn’t print those HTML tags.
The browser is built to be very forgiving so even if it’s not a valid .ico
or if it’s a PNG with a .ico
extension it will still work when used this way.
Why is WordPress disallowing this? Is there a security reason?
WP allows it! But your server and the code in your theme/plugins does not. You will need to isolate this further by doing standard debugging steps such as disabling all plugins and using a default theme, then re-activating them one by one until the problem returns to identify the culprit.
But you shouldn’t be using .ico favicons anyway
The site identity is used for far more than the favicon, and there’s a reason WP wants files bigger than 512×512, because using a 64x64px icon for social media images and all the other things WP uses the site icon for would be bad for your site.
.ico
files have limited support and capabilities, and have fundamental limitations on resolutions. They also have historic security issues.
You may want to upload a .ico
file via CPanel for very old software but even if you do that, you should still include a PNG favicon via WP’s site identity.
Note that there are tools and converters that can take an existing .ico
file and transform it into a PNG file, so needing a PNG file should not be a problem, even if the only file you have is in the .ico
format.