A private client portal for WordPress — let each client log in to view, preview, and download only their files.
Filevue turns your WordPress site into a secure client portal. Create clients with unique IDs and encrypted passwords, upload files into organized folders, and give each client a private login page where they can view and download only their own documents.
Everything uses your site name for branding — no “Powered by” labels or third-party logos. The portal UI automatically adapts to your WordPress admin color scheme.
Client Management
- Create clients with a unique Client ID, encrypted password, optional email, and internal notes.
- Search, paginate, and manage clients from a clean admin dashboard.
- View client details in a quick-view modal — copy credentials, see file stats, and jump to the portal link.
File Uploads and Organization
- Drag-and-drop single or multi-file uploads directly from the admin.
- Organize files into named folders with custom SVG icons and accent colors.
- Drag files between folders to reorganize — no page reload needed.
- Supported formats: PDF, Word, Excel, images (PNG, JPG, GIF), text, ZIP, and RAR.
Client Portal
- Filevue automatically creates a dedicated portal page at
/client-portal/ when the plugin is activated.
- Clients log in with their unique Client ID and password — no WordPress account required.
- Collapsible folder tree with icon and color theming, matching the admin folder setup.
- Inline file preview for PDFs and images directly in the browser — no download required.
- One-click secure downloads with nonce-verified, path-validated file delivery.
- Sessions expire after 1 hour for security; clients can log out manually at any time.
- Admins can preview the portal as any client with a single click from the Clients page — no need to copy credentials.
Data Sheets
- Attach editable spreadsheets to any folder — add rows, columns, and multiple sheets.
- Clients see a read-only view of shared data sheets in their portal.
- Download any data sheet as an Excel file — both admin and client side.
Email Notifications
- Send branded HTML credential emails with portal link, Client ID, and password.
- Automatic new-file notifications when you upload documents to a client’s folder.
- Emails use your site name and are styled to match your brand.
SMTP
- Built-in SMTP configuration with test-before-save — your settings only activate after a successful test email.
- One-click provider presets for Gmail, Outlook, and Yahoo with setup guidance.
- Passwords are encrypted at rest using AES-256-CBC.
Team Access
- Portal Contributor — Staff members who can manage clients and upload files, but cannot change settings or delete content.
- Portal Manager — Full portal access including settings, user management, and content deletion.
- Both roles see only the Filevue menu in the admin — no distractions from the rest of WordPress.
Security
- Client passwords encrypted with AES-256-CBC using your site’s AUTH_KEY.
- Upload directory protected with .htaccess rules and a silent index.php.
- Every download, upload, delete, and login action is nonce-verified with path traversal protection.
- Data protection toggle — choose whether plugin data is preserved or removed on uninstall.
Support Development
Filevue is free and open source. If it saves you time or helps your business, consider supporting continued development and new features:
Buy me a coffee
Screenshots
Admin dashboard with stats, quick actions, and step-by-step guide.
Client list with search, file counts, and one-click actions.
Client details quick-view modal with credentials and portal link.
Add New Client form with auto-generated ID and encrypted password.
Edit client page with drag-and-drop file uploads and colored folder tree.
Per-folder data sheet with columns, rows, and Excel export.
SMTP settings with one-click provider presets for Gmail, Outlook, and Yahoo.
Team Access page with Portal Manager and Portal Contributor roles.
Client portal login page with Filevue Client ID and password.
Client portal file browser with colored folders, download, and inline preview.
Where do clients log in?
Filevue automatically creates a page at /client-portal/ with the login form when the plugin is activated. Clients visit that URL, enter their Client ID and password, and immediately see their files. You can also place the [filevue_client_files] shortcode on any page to create an alternative portal entry point.
How can I preview the portal as a specific client?
On the Clients page, click the Portal button (the Filevue icon) next to any client. This generates a secure, single-use token that auto-logs you into the portal as that client in a new tab. The token expires after 60 seconds and can only be used once. No credentials are exposed.
Can clients see each other’s files?
No. Each client can only access files uploaded to their own folder. Downloads are verified against the logged-in client’s session.
What file types can I upload?
PDF, XLSX, XLS, DOC, DOCX, TXT, PNG, JPG, JPEG, GIF, ZIP, and RAR. File size limits follow your WordPress and server configuration.
Can I use my own SMTP server?
Yes. Go to Filevue > SMTP Settings, enter your credentials, and send a test email. Settings only activate after a successful test.
What happens to client data if I deactivate or delete the plugin?
By default, all data is preserved, which is safe for updates and reinstalls. You can enable “Delete all data on uninstall” from the home page if you want a clean removal.
Does the portal show my plugin or brand name?
No. The portal uses your WordPress site name for all labels and headings. There is no hardcoded branding.
I get “Not Acceptable” / HTTP 406 error when logging in or uploading files
This error is returned by your hosting provider’s ModSecurity (a Web Application Firewall), not by Filevue itself. It’s a false positive where a legitimate request is being blocked because it matches a “suspicious” pattern.
Common triggers:
- Passwords containing special characters like
%, ', ", <, >, =, or words like select, union, drop.
- Uploading files with unusual filenames (brackets, quotes, encoded characters).
- Filenames or folder names with accented / non-ASCII characters (very common in Spanish, French, Portuguese, German, etc. — e.g.
Facturación.pdf, Año 2026.xlsx, Diseño.png, Niño.jpg). When the browser URL-encodes ó as %C3%B3, ModSecurity may block the request as a suspected encoding attack.
- Saving content that contains SQL-like words or HTML/JS snippets.
Good news: As of version 1.3.3, Filevue prevents most of these 406 errors automatically:
- Filenames are auto-transliterated at upload time while keeping spaces intact:
Año 2026.pdf becomes Ano 2026.pdf (not Ano-2026.pdf), Facturación enero.pdf becomes Facturacion enero.pdf, Diseño final.png becomes Diseno final.png.
- Folder names follow the same rule:
Diseño becomes Diseno, Año 2026 becomes Ano 2026.
- Client passwords can no longer contain characters that trigger ModSecurity: quotes (
' "), angle brackets (< >), backslash (\), percent (%), semicolon (;), or accented / non-ASCII characters. Allowed characters are letters, numbers and - _ . ! @ # $ * + = : ? ~ ^ ( ) [ ] { } | ,. Existing passwords keep working; only newly-saved ones are validated.
- Client names, descriptions, and email messages are not affected — they fully support accented characters (á, é, í, ó, ú, ñ, ü, ¿, ¡), so you can still enter
José García as a client name, write Spanish/French/Portuguese descriptions, and send localized emails. These fields are never sent through URLs, so WAFs can’t block them.
If you have existing files with accents on disk or old passwords with special characters and still hit the error, rename those files / reset the password to a safe one, or use one of the solutions below.
Solutions (in order of recommendation):
- Contact your hosting provider and ask them to:
- Check the ModSecurity logs for the blocked request.
- Whitelist the triggered rule IDs for your site, or disable ModSecurity for
/wp-admin/admin-ajax.php.
- Try a different password for the client (use only letters, numbers, and
-_.!@#) to confirm the password is the trigger.
- Rename the file you are uploading to something simpler (letters, numbers, hyphens, underscores only).
-
Add a rule to your .htaccess (only if your host allows it) to bypass ModSecurity for AJAX:
SecRuleEngine Off
This error is almost always a hosting configuration issue, not a plugin bug. Most shared hosts (Bluehost, SiteGround, HostGator, GoDaddy, etc.) ship with ModSecurity enabled and will gladly tune the rules if you contact support.
ChangeLog
1.5.0
- Updated tests and fixed a bug for special chars
- Updated readme file to include youtube video
- Added feedback review notification
- updated login button size
- Portal appearance small style fixes
- Updated documentation cards to include more information during mouse hovering
- Adding more details on how to use the plugin on home page
1.4.0
- Added feature to enable folder order with drag and drop on Edit Client page
- Fixed Elementor compatibility issue with View Data sheet modal on Client portal page
- Small styling fixes
1.3.2
- Added some more Elementor compatibility fixes on Client Portal page
1.3.1
- Fixed some style issues interfering with Elementor themes
1.3.0
- Added functionality to copy Client Id to Clipboard directly from View clients page
- Small style updates and fixes
1.2.0
- Added Last Seen feature
- Added At Glance section to quickly preview Clients count
- Updated readme.txt
1.1.1
- Added reset to default button into portal appearance section
- Small readme update
1.1.0
- Added dedicated Settings page
- Ability to hide/display filename extension under folders
- Moved Data Protection section into Settings
- Spaces are now allowed into folder names
- No more duplicate entries of site name displayed on client portal page
- Ability to customise client portal login basic appearance
- Fixed some plugin check errors
- Updated readme.txt
1.0.7
1.0.6
1.0.5
- Added dedicated button to impersonate as client into portal
1.0.4
- Provide error message when SMTP is not set and user is trying to send welcome email to client
1.0.3
- Updated readme.txt to include some new screenshots description
1.0.2
- Client Portal login page is now properly displayed
- Updated readme.txt file
1.0.1
- Portal Manager and Portal Contributor can now see Filevue menu
1.0.0
