wpmgr
File Manager

Manage WordPress site files from the dashboard, no SFTP needed

Browse the full file tree, edit files inline, upload by drag-and-drop, zip and extract archives, search by name or content, and restore prior versions from an encrypted history panel. Off by default, restricted to owner and admin, and every action is written to the audit log.

Every file change on a managed site used to mean opening an SFTP client or a host control panel

Fixing a config file, reviewing a plugin's output, or uploading a replacement asset all require switching tools. A file manager built into the fleet dashboard removes that context switch without relaxing security: write access is off by default, executable files are blocked from being written, protected WordPress directories are off-limits, and every action is written to the same tamper-evident audit log that covers every other WPMgr operation.

How it works

Under the hood

The steps that make it work, and what each one does.

1

Browse, preview, and download

Enable read access per site. Browse the full file tree, preview text files inline, and download any file. Binary files and large files download via presigned URL. A deny-list covering wp-config.php, .env, and key files requires owner confirmation before access.

2

Edit, upload, rename, and delete

Enable the separate write toggle (off by default) to unlock editing files, uploading by drag-and-drop, creating folders, renaming, deleting with a typed confirmation, and changing permissions to safe modes. PHP files and any content containing executable markers are blocked from being written. wp-admin, wp-includes, and WordPress core are always protected.

3

Archive, extract, and search

Zip any file or folder and download the archive in one action. Extract a zip back into the site with zip-slip and zip-bomb protection enforced before a single byte is written. Search files by name or by content across the whole tree.

4

Browse and restore version history

Every edit and overwrite auto-saves an encrypted prior version. Open the version history panel on any file to see past revisions with timestamps and restore any of them in one click. No separate backup run required.

What's included

Every capability ships in the open-source release.

Full file tree browser

Browse the entire WordPress file system from the dashboard. Preview text files inline, download any file, and get binary and large files via presigned URL.

Executable-write prevention

The file manager refuses to write PHP files or any file whose content contains executable markers. wp-admin, wp-includes, and WordPress core directories are always protected.

Archive and extract

Zip files or folders and download the archive. Extract a zip back into the site with zip-slip traversal and zip-bomb size protection enforced before any file is written.

File search

Search the file tree by file name or by file content across the whole site without opening an SSH session.

Encrypted version history

Every edit auto-saves an encrypted prior version. Browse past revisions by timestamp and restore any version in one click from the history panel.

Filterable operator audit log

Every file read, write, delete, upload, extract, restore, and denial is written to the audit log. Filter the Audit page by the File manager action group or by site. A View activity link in the file manager jumps straight to that site's file trail.

FAQ

Questions answered

Common questions about this feature.

Self-host it, read the code, and run your whole fleet.

Free and open source. No per-site fee. The full release is on GitHub.