Manage WordPress site files from the dashboard, no SFTP needed
Browse the full file tree, edit files inline, upload by drag-and-drop, zip and extract archives, search by name or content, and restore prior versions from an encrypted history panel. Off by default, restricted to owner and admin, and every action is written to the audit log.
Every file change on a managed site used to mean opening an SFTP client or a host control panel
Fixing a config file, reviewing a plugin's output, or uploading a replacement asset all require switching tools. A file manager built into the fleet dashboard removes that context switch without relaxing security: write access is off by default, executable files are blocked from being written, protected WordPress directories are off-limits, and every action is written to the same tamper-evident audit log that covers every other WPMgr operation.
Under the hood
The steps that make it work, and what each one does.
Browse, preview, and download
Enable read access per site. Browse the full file tree, preview text files inline, and download any file. Binary files and large files download via presigned URL. A deny-list covering wp-config.php, .env, and key files requires owner confirmation before access.
Edit, upload, rename, and delete
Enable the separate write toggle (off by default) to unlock editing files, uploading by drag-and-drop, creating folders, renaming, deleting with a typed confirmation, and changing permissions to safe modes. PHP files and any content containing executable markers are blocked from being written. wp-admin, wp-includes, and WordPress core are always protected.
Archive, extract, and search
Zip any file or folder and download the archive in one action. Extract a zip back into the site with zip-slip and zip-bomb protection enforced before a single byte is written. Search files by name or by content across the whole tree.
Browse and restore version history
Every edit and overwrite auto-saves an encrypted prior version. Open the version history panel on any file to see past revisions with timestamps and restore any of them in one click. No separate backup run required.
What's included
Every capability ships in the open-source release.
Full file tree browser
Browse the entire WordPress file system from the dashboard. Preview text files inline, download any file, and get binary and large files via presigned URL.
Executable-write prevention
The file manager refuses to write PHP files or any file whose content contains executable markers. wp-admin, wp-includes, and WordPress core directories are always protected.
Archive and extract
Zip files or folders and download the archive. Extract a zip back into the site with zip-slip traversal and zip-bomb size protection enforced before any file is written.
File search
Search the file tree by file name or by file content across the whole site without opening an SSH session.
Encrypted version history
Every edit auto-saves an encrypted prior version. Browse past revisions by timestamp and restore any version in one click from the history panel.
Filterable operator audit log
Every file read, write, delete, upload, extract, restore, and denial is written to the audit log. Filter the Audit page by the File manager action group or by site. A View activity link in the file manager jumps straight to that site's file trail.
Questions answered
Common questions about this feature.
Self-host it, read the code, and run your whole fleet.
Free and open source. No per-site fee. The full release is on GitHub.