{"id":326565,"date":"2026-06-30T02:02:18","date_gmt":"2026-06-30T02:02:18","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/flex-explorer\/"},"modified":"2026-06-30T02:02:01","modified_gmt":"2026-06-30T02:02:01","slug":"flex-explorer","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/flex-explorer\/","author":23412324,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"0.2.4","stable_tag":"0.2.4","tested":"7.0","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"Flex Explorer","header_author":"Flexa Tech","header_description":"A lightweight, read-only file browser for WordPress. Browse folders and view files inside wp-content from the admin.","assets_banners_color":"","last_updated":"2026-06-30 02:02:01","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/flexa.vn","rating":0,"author_block_rating":0,"active_installs":0,"downloads":29,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"0.2.4":{"tag":"0.2.4","author":"flexatech","date":"2026-06-30 02:02:01"}},"upgrade_notice":{"0.2.4":"<p>Resolves the content directory entirely through core functions with no internal constants. Recommended maintenance update.<\/p>","0.2.3":"<p>Uses core location functions for the content directory and tidies download handling. Recommended maintenance update.<\/p>","0.2.2":"<p>Adds filename search and confirms compatibility with WordPress 7.0.<\/p>","0.2.0":"<p>Adds single-file and folder-as-ZIP downloads.<\/p>","0.1.1":"<p>Security: tightens access on multisite and honours DISALLOW_FILE_EDIT. Recommended for all multisite users.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3590745,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3590745,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.2.4"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Browsing wp-content with a file previewed alongside the listing."}},"plugin_section":[],"plugin_tags":[83,1127,568,8848,88],"plugin_category":[],"plugin_contributors":[255540],"plugin_business_model":[],"class_list":["post-326565","plugin","type-plugin","status-publish","hentry","plugin_tags-admin","plugin_tags-browser","plugin_tags-download","plugin_tags-file-manager","plugin_tags-files","plugin_contributors-flexatech","plugin_committers-flexatech"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/flex-explorer\/assets\/icon-128x128.png?rev=3590745","icon_2x":"https:\/\/ps.w.org\/flex-explorer\/assets\/icon-256x256.png?rev=3590745","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Flex Explorer adds a simple, read-only file browser to the WordPress admin. It\nlets administrators look through the contents of the <code>wp-content<\/code> directory and\npreview text files and images without leaving wp-admin or opening an FTP client.<\/p>\n\n<p>It never modifies your site: it cannot create, edit, upload, rename, move or\ndelete files. You can download an individual file, or a whole folder as a ZIP,\nfor offline viewing, and the originals are always left untouched. Every request is\nrestricted to the <code>wp-content<\/code> directory, is limited to administrators, and is\nverified with a nonce.<\/p>\n\n<p><strong>Features<\/strong><\/p>\n\n<ul>\n<li>Browse folders inside <code>wp-content<\/code> with a breadcrumb path.<\/li>\n<li>List files and folders with size and last-modified date.<\/li>\n<li>Search filenames in the current folder and everything below it.<\/li>\n<li>Preview text and code files inline (up to 2 MB).<\/li>\n<li>Preview common images (JPEG, PNG, GIF, WebP, BMP, ICO) inline (up to 5 MB).<\/li>\n<li>Download any single file, or the current folder packaged as a ZIP.<\/li>\n<li>Uses the jQuery bundled with WordPress and plain CSS - no build step, no external libraries.<\/li>\n<\/ul>\n\n<p><strong>Security<\/strong><\/p>\n\n<ul>\n<li>Access is limited to users with the <code>manage_options<\/code> capability.<\/li>\n<li>On multisite, access is further restricted to network super admins, since a\nper-site administrator should not be able to read the shared <code>wp-content<\/code>\ntree.<\/li>\n<li>If the site defines <code>DISALLOW_FILE_EDIT<\/code> as true, Flex Explorer disables\nitself (including its admin menu) to respect that lockdown.<\/li>\n<li>All AJAX requests are nonce-verified.<\/li>\n<li>Every path is resolved with <code>realpath()<\/code> and confined to the <code>wp-content<\/code>\ndirectory; path traversal and symlink escapes are rejected.<\/li>\n<li><code>wp-config.php<\/code>, <code>.htaccess<\/code> and <code>.htpasswd<\/code> can never be viewed or\ndownloaded, and are skipped when building a ZIP.<\/li>\n<li>Downloads are always sent as attachments (<code>application\/octet-stream<\/code>) so the\nbrowser never renders file contents inline.<\/li>\n<li>ZIP archives are bounded (file count and total size) and skip symlinks so a\nlarge or looping tree cannot exhaust server resources.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to <code>\/wp-content\/plugins\/flex-explorer<\/code>, or install\nthrough the WordPress <strong>Plugins<\/strong> screen.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> screen.<\/li>\n<li>Open <strong>Tools \u2192 Flex Explorer<\/strong> from the admin menu.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"who%20can%20use%20flex%20explorer%3F\"><h3>Who can use Flex Explorer?<\/h3><\/dt>\n<dd><p>Users with the <code>manage_options<\/code> capability (administrators). On a multisite\nnetwork, access is limited to super admins, because <code>manage_options<\/code> is granted\nto every per-site administrator while <code>wp-content<\/code> is shared across the network.<\/p><\/dd>\n<dt id=\"why%20is%20flex%20explorer%20missing%20from%20my%20admin%20menu%3F\"><h3>Why is Flex Explorer missing from my admin menu?<\/h3><\/dt>\n<dd><p>If your site (or your host) defines the <code>DISALLOW_FILE_EDIT<\/code> constant as true,\nFlex Explorer disables itself entirely to honour that file-access lockdown. The\nsame applies to per-site administrators on multisite, who are not super admins.<\/p><\/dd>\n<dt id=\"can%20it%20edit%20or%20delete%20files%3F\"><h3>Can it edit or delete files?<\/h3><\/dt>\n<dd><p>No. It never changes anything on disk: it cannot edit, rename, move, upload or\ndelete files. It can browse, search, preview, and download copies (including a\nfolder as a ZIP), but the originals are always left untouched.<\/p><\/dd>\n<dt id=\"how%20does%20search%20work%3F\"><h3>How does search work?<\/h3><\/dt>\n<dd><p>Type in the search box to match filenames in the folder you are currently\nviewing and all of its subfolders. Matching is a case-insensitive match on the\nfile name; results are capped, so narrow your search if you hit the limit.<\/p><\/dd>\n<dt id=\"can%20i%20download%20a%20whole%20folder%3F\"><h3>Can I download a whole folder?<\/h3><\/dt>\n<dd><p>Yes. Use <strong>Download folder as ZIP<\/strong> to package the current folder (and its\nsubfolders) into a single archive. Very large folders are refused to protect\nthe server, and <code>wp-config.php<\/code>, <code>.htaccess<\/code> and <code>.htpasswd<\/code> are never\nincluded. ZIP support requires the PHP <code>zip<\/code> extension.<\/p><\/dd>\n<dt id=\"which%20folders%20can%20i%20browse%3F\"><h3>Which folders can I browse?<\/h3><\/dt>\n<dd><p>Only the <code>wp-content<\/code> directory and its subfolders. Paths outside it, and\nsymbolic links that point outside it, are rejected.<\/p><\/dd>\n<dt id=\"why%20can%27t%20i%20open%20wp-config.php%3F\"><h3>Why can't I open wp-config.php?<\/h3><\/dt>\n<dd><p>Sensitive files (<code>wp-config.php<\/code>, <code>.htaccess<\/code>, <code>.htpasswd<\/code>) are blocked from\nviewing by design.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>0.2.4<\/h4>\n\n<ul>\n<li>Derive the content root solely from <code>wp_upload_dir()<\/code> and drop the <code>WP_CONTENT_DIR<\/code> fallback, so the browser root is resolved entirely through core location functions with no internal constants.<\/li>\n<\/ul>\n\n<h4>0.2.3<\/h4>\n\n<ul>\n<li>Resolve the content directory through <code>wp_upload_dir()<\/code> instead of the <code>WP_CONTENT_DIR<\/code> constant, so the browser root follows custom content\/uploads locations.<\/li>\n<li>Restore the original <code>zlib.output_compression<\/code> setting after a download streams, keeping the change confined to the single download request.<\/li>\n<\/ul>\n\n<h4>0.2.2<\/h4>\n\n<ul>\n<li>New: search filenames in the current folder and all subfolders (results are bounded); matching folds multibyte characters where available.<\/li>\n<\/ul>\n\n<h4>0.2.1<\/h4>\n\n<ul>\n<li>Lowered the ZIP size limit to 50 MB so archives stay within typical shared-hosting execution limits.<\/li>\n<\/ul>\n\n<h4>0.2.0<\/h4>\n\n<ul>\n<li>New: download an individual file (sent as an attachment, never rendered inline).<\/li>\n<li>New: download the current folder as a ZIP, with file-count and total-size limits, skipping symlinks and blocked files.<\/li>\n<li>Downloads flush pending output buffers and disable on-the-fly compression before streaming, so binary files and archives are never corrupted or truncated.<\/li>\n<\/ul>\n\n<h4>0.1.1<\/h4>\n\n<ul>\n<li>Security: on multisite, restrict access to network super admins instead of every per-site administrator.<\/li>\n<li>Security: disable the plugin (including its admin menu) when <code>DISALLOW_FILE_EDIT<\/code> is defined as true.<\/li>\n<li>Move the admin page under <strong>Tools<\/strong> instead of a top-level menu item.<\/li>\n<\/ul>\n\n<h4>0.1.0<\/h4>\n\n<ul>\n<li>Initial release: read-only browsing of wp-content with inline text and image preview.<\/li>\n<\/ul>","raw_excerpt":"A lightweight, read-only file browser for WordPress. Browse folders and view files inside wp-content from the admin.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/326565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=326565"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/flexatech"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=326565"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=326565"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=326565"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=326565"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=326565"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=326565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}