Darkstar File Manager

Secure client document management system allowing administrators to share files with clients and clients to upload their own documents.

By justinblayney

Version 1.0.3 Active Installs 0+ Updated 6 days ago 11 days old

Description

Darkstar File Manager is a secure, easy-to-use plugin that creates a private document portal for each WordPress user. Perfect for accountants, lawyers, consultants, or any business that needs to securely exchange documents with clients.

Key Features

  • Secure File Storage – Store files outside your web root for maximum security
  • User Isolation – Each client can only access their own documents
  • Two-Way File Sharing – Administrators can upload files for clients, and clients can upload files back
  • Separate File Sections – Client view shows “Documents from Professional” and “Your Uploaded Documents” separately
  • Simple Shortcode – [dsfm_client_login] displays login form and document manager
  • File Type Validation – Configurable allowed file types (PDF, DOC, DOCX, XLS, XLSX, images, etc.)
  • File Size Limits – Set maximum upload size (1-100 MB, default 50 MB)
  • MIME Type Checking – Prevents malicious file uploads
  • Bulk Operations – Delete multiple files at once from admin panel
  • Translation Ready – Full internationalization support with Polylang integration
  • Responsive Design – Works on desktop, tablet, and mobile devices

How It Works

  1. Create a Client Portal Page – Add the shortcode [dsfm_client_login] to any page
  2. Configure Settings – Set upload path (outside web root recommended), file types, and size limits
  3. Upload Files for Clients – Go to Users, hover over a user, and click “View Documents” to upload
  4. Clients Access Files – Clients log in and visit the portal page to view and upload documents

Security Features

  • All files served through authenticated download handler (not direct file access)
  • Path traversal protection with directory separator enforcement
  • User authentication required
  • Nonce verification on all forms and downloads
  • CSRF protection on admin file downloads
  • File type, MIME, and WordPress built-in type validation
  • ZIP bomb protection (uncompressed content limit)
  • Upload rate limiting (20 uploads per user per hour)
  • Files stored outside web root by default
  • Protective .htaccess and index.php written to upload directory on activation
  • Each user can only access their own files
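
The path traversal check with directory separator enforcement listed above, sketched as an added example. This is not the plugin's own code: the function name, the one-directory-per-user-ID layout and the sample files are assumptions constructed for illustration.

```php
<?php
// Added example, not Darkstar File Manager's code. The function name and the
// one-directory-per-user-ID layout are assumptions.
function example_resolve_user_file(string $baseDir, int $userId, string $requested): ?string
{
    // Filesystem calls reject NUL bytes (PHP 8 throws), so refuse them up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $userDir = realpath($baseDir . DIRECTORY_SEPARATOR . $userId);
    if ($userDir === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks before the comparison.
    $resolved = realpath($userDir . DIRECTORY_SEPARATOR . $requested);
    if ($resolved === false || !is_file($resolved)) {
        return null;
    }
    // Separator enforcement: match "<userDir>/" rather than "<userDir>", so
    // the directory for user 12 is not treated as a prefix of user 123's.
    $prefix = rtrim($userDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($resolved, $prefix, strlen($prefix)) === 0 ? $resolved : null;
}

// Constructed sample tree: two users whose directory names share a prefix.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dsfm_example_' . bin2hex(random_bytes(4));
mkdir($base . '/12', 0700, true);
mkdir($base . '/123', 0700, true);
file_put_contents($base . '/12/report.pdf', 'constructed sample');
file_put_contents($base . '/123/tax.pdf', 'constructed sample');

$requests = [
    'report.pdf',          // user 12's own file
    '../123/tax.pdf',      // climbs into the sibling directory 123
    '../12/report.pdf',    // detour that still ends inside user 12's directory
    '..',                  // the storage root itself, not a file
];
foreach ($requests as $name) {
    $path = example_resolve_user_file($base, 12, $name);
    printf("%-18s => %s\n", $name, $path === null ? 'denied' : 'served');
}

// Remove the constructed files again.
unlink($base . '/12/report.pdf');
unlink($base . '/123/tax.pdf');
rmdir($base . '/12');
rmdir($base . '/123');
rmdir($base);
```

A download handler built this way would call the resolver only after the login and nonce checks have passed, and would stream the returned path instead of exposing it in a URL.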

Note on File Storage

This plugin stores uploaded files outside the web root for security. Because of this requirement, files are moved using PHP’s move_uploaded_file() directly after passing validation through WordPress’s wp_check_filetype_and_ext(), our own MIME type check, extension allowlist, and size limits. Files cannot be stored through wp_handle_upload() without placing them inside the publicly accessible uploads directory, which would reduce security.

Perfect For

  • Tax professionals sharing documents with clients
  • Lawyers exchanging contracts and legal documents
  • Consultants sharing reports
  • Any business requiring secure client file exchange

Additional Information

Support

For support, please visit Darkstar Media or contact us through our website.

Privacy Policy

This plugin stores uploaded files on your server and metadata (filenames, timestamps, uploader) in JSON files. No data is sent to external servers.

Credits

Developed by Darkstar Media
