Content Mask


Read More About Content Mask

Content Mask allows you to embed any external content onto your own WordPress Pages, Posts, and Custom Post types. The end result is similar to setting up a domain mask though the content is embedded into the front end of your website and is fully contained inside your WordPress permalink ecosystem.

With a simple 2-Step UI, you can embed any external content into your website. Simple enable the Content Mask on any Page, Post, or Custom Post type by clicking on the check mark; Then put in the URL that contains the content you want to embed.

  • Using the Download (default) method will fetch the content from the Content Mask URL, cache it on your website, and replace the current page request with that content.

  • Using the Iframe method will replace the current page request with a full width/height, frameless iframe containing the host URL. This method is ideal if you rely on whitelisted IP/domain names for certain functionality including serving scripts, styles, and images.

  • Using the Redirect (301) method will simply redirect the visitor to the host URL.


  • Please confirm you’re allowed to utilize and embed the content before embedding any particular URL, don’t Content Mask any content you don’t have license to share or use.

  • Content embedded using the Download method is cached using the WordPress Transients API for 4 hours by default. If the content on the external URL is updated and you would like a fresh copy, you may just click the “Update” button on the Page, Post, or Custom Post Type to refresh the transient, or click the “Refresh” link in the Content Mask Admin panel. You may also change the cache expiration timer per page anywhere from “Never” to “4 weeks”.

  • You may use the Transients Manager plugin to manage transients stored with the Download method. All Content Mask related transients contain the prefix “content_mask-” plus a stripped version of the Content Mask URL, such as “content_mask-httpxhynkcom”.

Read More About Content Mask


  • Enable the Content Mask with the ? - Put in the URL of the content you would like to embed. Done! Optionally, choose a different method (Download, Iframe, or Redirect). If using the download method, you may also change the cache duration from never up to 4 weeks (you may refresh the cache at any point manually).
  • The Content Mask Admin Panel shows a list of all Content Mask pages/posts and their current settings. Quickly enable or disable the Content Mask with a single click on the Method icon. The cache may also be refreshed from this page. Only pages/posts that the current user can edit are displayed.
  • Notice that the URL has remained unchanged, but when Content Mask is enabled, it fully and seamlessly replaces all of the content on that permalink with the content from the Content Mask URL.


Must download

This works seamlessly and the developer is extremely responsive. You can tell he cares about his products.

Outstanding Time Saver!

This plug is wonderful! It works efficiently and saved me from custom coding, subdirectories, DNS changes, and more. I’m usually reluctant donate to plugins, but for this one I was more than happy to do so!


Okay I am officially in love with this plugin. I’ve searched this for like literally over a month now and your plugin helped me. Thank you SO SO SO SO MUCH FOR THIS PLUGIN 🙂

Read all 3 reviews

Contributors & Developers

“Content Mask” is open source software. The following people have contributed to this plugin.


Translate “Content Mask” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.


  • Removed the Cache Refresh option in the Content Mask Admin page for Masks set to Iframe and Redirect (since those methods aren’t cacheable)
  • Reverted the change made in 1.4.2 and moved the Page Processing function back to the template Redirect Hook. It was causing issues with homepage redirection.
  • Password protection and removal have extraneous scripts has been added to this version of the Page Processing function as well.


  • Content Masked pages now respect the Password Protected visibility status.
  • When a Content Masked page is Password Protected, it shows the default page with the standard password form. Once the password is successfully submitted, the Content Mask will perform as usual.
  • Removed superfluous and/or commented out code that’s no longer used.


  • To speed up Content Mask time, the page processing function has been moved to an earlier hook.
  • Redundant URL Validity checks have been removed.
  • Title has been linked in the Content Mask admin list for ease-of-use.
  • Scripts and Styles that are hooked in an unorthodox manner are now killed before rendering a Content Masked page, this will speed up the page, prevent unwanted styles and scripts from being loaded, prevents JS errors from unrelated plugins being thrown in the console.


  • Modified the Content Mask admin page table layout
  • The Mask URL column is now linked and clickable.
  • Cache Expiration column has been added.
  • Cache may be refreshed by clicking on Refresh in the Cache Expiration column (shows on row hover).
  • Edit and View columns have been removed.
  • Edit and View links have been added to to the Title column (shows on row hover)


  • Cache (WP Transient) Duration for the Download Method can now be controlled with common values from 1 hour to 4 weeks.


  • Underthe hood improves with custom field variable extraction.
  • Improved SVG icon clarity.
  • Added Content Mask column to Page and Post edit lists which allows an at-a-glance preview of whether Content Mask is enabled, and which type; as well as allowing an Ajax button-press to enable or disable the Content Mask (like on the Content Mask overview admin page).


  • Minor changes to prevent undefined variable and similar E_NOTICE level errors from appearing when debug mode was enabled.
  • Removed dependency from external CSS in the admin, namely FontAwesome and Line Icons.
  • Prevented irrelevant meta field checks when not strictly necessary.


  • Behind the scenes improvement with the plugin name and label
  • Addressed CSS issues with plugins that used the @keyframes name “check”
  • Prevented the process_page_request function from firing in non singular instances. Post lists and archive pages were firing the first content mask they ran across.
  • Replaced the $cm instance variable with a private variable to eliminate namespace conflicts


  • Added Content Mask admin page that shows a list of all current Content Masks that the logged in user is allowed to edit. Each row displays all the pertinent info for each Content Mask, and allows a one-click interface to disable or enable it.
  • Using the Download method will now replace all relative URLs from the Content Mask URL with an absolute URL. This includes all src, href and action attributes. Protocol relative and existing absolute URLs are unaffected, but this should allow for significant improvements to consistency, especially with local form actions and local image & script libraries.
  • Some fluff code has been removed from the front end of the Iframe method.

  • Forgot to remove class methods that were no longer in use, which triggered E_NOTICE errors in some sites.

  • Content Mask URL’s without a protocol have http:// added to them, since not all sites are secure yet. However, if your site is secure, it won’t display http:// iframes. Iframe method now checks if your site is secured with ssl, and if so force updates the Content Mask URL’s protocol to https://. If the content still is blank, it’s because the iframe’d site is insecure and wouldn’t show up either way.


  • If other (namely really large) metaboxes were hooked in, Content Mask Settings were hard to see. Moved inline CSS and JS to separate files and improved the design of the metabox to make it stand out much more when buried deeply in the admin.


  • Elegant Theme’s “Bloom” was interfering and still being hooked. It’s now been forcefully unhooked on Content Mask pages (regardless of content displayed)


  • Made Content Mask Method an array to allow for easier updating/additions in the future


  • Provided better URL validation on the front end


  • Replaced get_page_content functions cURL methods with integrated WP HTTP API methods instead
  • Added custom sanitization functions for text (URL) inputs, select boxes, and checkboxes.
  • Escaped post meta field values when returned in the admin and front-end.


  • Initial Public Repository Release