Descrição
R2 Storage Manager Lite enables restricted file management between WordPress and Cloudflare R2 using its S3-compatible API.
Upload files to your R2 bucket, browse stored objects, and generate expiring signed download links — all from your WordPress dashboard.
Unlike traditional storage solutions, this plugin ensures that your files remain private and are only accessible through controlled, time-limited URLs.
Key Features (Lite)
- Secure Document Sync – Synchronize documents and digital assets from WordPress to Cloudflare R2 without altering frontend media URLs.
- Direct Upload to R2 – Securely upload files from WordPress to Cloudflare R2.
- Secure Downloads via REST API – Generate expiring signed URLs using a hardened REST endpoint.
- Private File Delivery – Files are not publicly accessible and are delivered via signed URLs.
- Configurable Expiration – Set custom expiration times for download links.
- Basic File Browser – View and manage stored files from the admin panel.
- S3-Compatible API – Fully compatible with Cloudflare R2 infrastructure.
Use Cases
- Deliver private digital files securely
- Share time-limited download links
- Protect premium content
- Replace insecure direct file URLs
- Manage external storage for documents and digital assets
Pro Version (Optional)
Upgrade to unlock advanced capabilities:
- High-capacity multipart uploads for very large files
- Drag & drop interface
- Advanced file manager with folders
- Download tracking & analytics
- User quotas and restrictions
- Advanced security (IP, referer, geo restrictions)
- Webhooks & automation tools
More information: https://www.r2suites.com/products/wordpress/cloudflare-r2-storage-manager-pro
Architectural Policy & Limitations
CR2SM Lite is a Secure File Sync tool for documents, zip files, and digital products. It is NOT an image CDN or frontend acceleration plugin.
To guarantee architectural stability and prevent unexpected CDN abuse, this plugin enforces a strict No-URL-Rewrite Policy:
* It MUST NOT filter wp_get_attachment_url.
* It MUST NOT rewrite srcset attributes.
* It MUST NOT replace native attachment URLs on your frontend.
* It MUST NOT alter frontend delivery or inject CDN URLs.
This plugin is exclusively designed for secure backend synchronization of documents and digital assets.
External Services
This plugin connects to Cloudflare R2 Object Storage.
Service provider: Cloudflare, Inc.
Service URL: https://www.cloudflare.com/
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Purpose:
Storage and secure delivery of files via S3-compatible API.
Data sent:
* Access Key ID
* Secret Access Key
* Bucket name
* File upload and retrieval requests
Data is only transmitted when explicitly configured and used by the administrator.
Gutenberg Block
The plugin includes a built-in “R2 Download” block. You can insert a download button directly in the WordPress block editor without using shortcodes.
Simply search for “R2 Download” in the block editor and configure the file key and label.
Shortcodes
Use the shortcode to generate a secure download button with restricted access:
[cr2sm_download file=”lite/file.pdf” label=”Download”]
Files are delivered through time-limited signed URLs and are not publicly accessible.
Imagens de tela
Dashboard overview. 
Settings page. 
Upload interface.
Blocos
Este plugin disponibiliza 1 bloco.
- R2 Download
Instalação
- Upload the plugin to
/wp-content/plugins/r2-storage-manager-for-cloudflareor install via WordPress. - Activate the plugin.
- Go to R2 Storage Lite Settings.
- Enter:
- Endpoint
- Access Key
- Secret Key
- Bucket Name
FAQ
-
Does this plugin offload WordPress media?
-
No. CR2SM Lite performs secure document synchronization only.
Files are copied to Cloudflare R2 while local WordPress files remain untouched.
The plugin does not:
– replace attachment URLs
– rewrite srcset attributes
– function as an image CDN
– remove local WordPress uploads -
Are files publicly accessible?
-
No. Files are delivered through signed URLs and are not publicly exposed.
-
Can I control download access?
-
Yes. You can enable login restrictions and control URL expiration.
-
Is Cloudflare R2 required?
-
Yes. You must have a Cloudflare account and an R2 bucket.
-
Are credentials secure?
-
Yes. Credentials are stored using WordPress options and used only for API communication with R2.
-
Does the plugin send data to third parties?
-
No. Only Cloudflare R2 is used. No tracking or analytics is included.
-
Does the plugin support Gutenberg blocks?
-
Yes. You can use the built-in “R2 Download” block directly in the WordPress editor without using shortcodes.
Avaliações
There are no reviews for this plugin.
Contribuidores e desenvolvedores
“R2 Storage Manager for Cloudflare” é um software com código aberto. As seguintes pessoas contribuíram para este plugin.
Contribuidores
Traduzir “R2 Storage Manager for Cloudflare” para o seu idioma.
Interessado no desenvolvimento?
Navegue pelo código, dê uma olhada no repositório SVN ou assine o registro de desenvolvimento via RSS.
Registro de alterações
1.0.5
- Minor stability improvements and code optimization.
1.0.4
- Added secure Document Sync support for WordPress documents and digital assets.
- Enforced strict no-CDN and no-rewrite architectural boundaries.
- Security and UX hardening for shared hosting environments.
1.0.3
- Hardened file manager table for better stability and responsiveness.
1.0.2
- Added R2 Download Gutenberg block (Shortcode wrapper).
- Hardened block rendering logic with type-safety and sanitization.
- Refined Shortcodes admin view documentation and UI.
1.0.1
- Security hardening and compliance improvements
- Improved nonce validation for admin actions
- Migrated download system to REST API
- Strengthened file upload validation
1.0.0
- Initial release