WordPress.org
Get WordPress
WordPress.org

Plugin Directory

CosmautDL

Image

CosmautDL

By cosmaut
Download

Description

CosmautDL is a multi-cloud download manager plugin for WordPress.
It turns scattered cloud-drive links into a clean “download card” experience, and provides dedicated download pages, a site-wide file-tree index, and click statistics for site owners.

(中文概述)把零散的网盘链接统一整理成下载卡片,并提供独立下载页、文件树索引与下载统计,让资源分享更规范、更好用。

Key features (核心能力):

  • Unified download card UI for posts/pages(下载卡片:文章/页面统一展示)
  • Dedicated download page route per post(独立下载页:每篇文章一个下载页)
  • Redirect route to keep outbound links tidy(跳转中转:可配置路由前缀)
  • File-tree page to browse all shared resources(文件树:全站资源索引)
  • Click statistics stored in your own database(下载统计:记录点击次数,后台可查看)
  • Optional WeChat QR unlock workflow(可选微信扫码解锁)
  • Assets loaded only when needed(按需加载,减少全站负担)

Supported providers ==(built-in defaults / 内置默认网盘):

Baidu Pan, 123Pan, Aliyun Drive, Tianyi Cloud, Quark, PikPak, Lanzou, Xunlei, Weiyun, OneDrive, Google Drive, Dropbox, MEGA, MediaFire, Box, and “Other”.

(说明)你可以在后台启用/禁用、重命名、排序网盘,并支持“其他网盘”用于自定义链接类型。

Routes (pretty permalinks recommended / 建议开启固定链接):

  • Download page: /downloads/{post_id}.html (or ?cosmdl_download=1&post_id={id})
  • File tree: /downloads/tree.html (or ?cosmdl_tree=1)
  • Stats entry: /downloads/stats.html (or ?cosmdl_stats=1; admin-only)
  • Redirect: /{prefix}/{post_id}/{type}.html (or ?cosmdl_redirect=1&post_id={id}&type={type})

Data & privacy (overview / 数据与隐私概述):

  • Stores download click logs in a custom table: {wp_prefix}cosmdl_clicks (post_id, type, attach_id, user_id, ip, ua, referer, success, created_at).(用于统计;可在后台删除记录)
  • Core features do not require external services.(核心功能不依赖外部服务)

Privacy/External Services

中文:
– 数据收集:插件会记录下载点击的 IP、UA、Referer 与时间,仅用于站点后台统计与问题排查;数据存储于站点数据库,未出站。
– 外部服务(可选):开启“IP 归属地显示”后,后台会调用 ipapi/ip-api/ipinfo 查询归属地,并对结果做缓存后在后台显示;不开启则不触发任何外部请求。
– 微信扫码解锁(可选):仅在扫码场景将访客浏览器跳转到微信授权页(open.weixin.qq.com),并由站点服务器调用 api.weixin.qq.com 接口换取 openid 与查询关注状态;不长期保存 openid,仅短期缓存解锁状态(10 分钟),公众号 access_token 最多缓存约 2 小时。
– 用户控制:可在插件设置中随时关闭上述可选功能;卸载插件会清理插件创建的数据与缓存。
– 合规提示:部分司法辖区将 IP 地址视为个人数据;启用“IP 归属地显示”前请确保已获得用户授权或满足合法合规要求。

English:
– Data Collection: The plugin records the IP, UA, Referer, and time of download clicks only for backend statistics and troubleshooting; data is stored in your database and never sent outside.
– External Services (Optional): When “IP Geolocation Display” is enabled, the admin backend queries ipapi/ip-api/ipinfo for geolocation; results are cached and displayed in wp-admin. No external requests occur when disabled.
– WeChat QR Unlock (Optional): Redirects the visitor browser to WeChat authorization (open.weixin.qq.com) and the server calls api.weixin.qq.com endpoints to exchange code for openid and check subscription. The plugin does not persist openid; it uses a short-lived unlock flag (~10 minutes) and caches the official account access_token (up to ~2 hours).
– User Control: You can disable these optional features at any time in plugin settings; uninstalling the plugin cleans up plugin-created data and caches.
– Compliance Note: In some jurisdictions, IP addresses are personal data; obtain consent or meet legal requirements before enabling IP geolocation.

External services

This plugin can connect to external services only when you enable related options.
(中文说明)仅在你启用相关功能后才会发起外部请求。

1) WeChat (微信) OAuth & subscription check

  • Service: WeChat / Tencent(微信/腾讯)
  • Purpose: Used for “WeChat unlock” mode authentication
  • Endpoints:
    • https://open.weixin.qq.com/connect/oauth2/authorize (OAuth authorize, visitor browser redirect)
    • https://api.weixin.qq.com/sns/oauth2/access_token (exchange OAuth code for openid)
    • https://api.weixin.qq.com/cgi-bin/token (fetch official account access_token)
    • https://api.weixin.qq.com/cgi-bin/user/info (check subscription status)
  • When: Only if you enable “WeChat unlock” in CosmautDL settings and visitors open the unlock URL in WeChat after scanning the QR code.
  • Data sent:
    • Visitor browser open.weixin.qq.com: appid, redirect_uri, response_type, scope, state, and standard HTTP request metadata handled by WeChat (e.g., IP address, user agent).
    • Your server api.weixin.qq.com: appid, appsecret, OAuth code, grant_type; later access_token, openid, lang.
  • Data stored (local): Does not store openid permanently; stores a short-lived unlock flag transient (10 minutes) and caches the official account access_token transient (up to ~2 hours, based on API expires_in).
  • User control: You can disable this feature at any time in plugin settings.(可在插件设置中随时禁用此功能)
  • Data deletion: Transients expire automatically.(临时缓存自动过期)
  • Terms of Service: https://www.wechat.com/en/service_terms.html
  • Privacy Policy: https://www.wechat.com/en/privacy_policy.html

2) IP geolocation lookup

  • Services (selectable in settings / 后台可选服务商):
    • https://ipapi.co/
    • https://ip-api.com/
    • https://ipinfo.io/
  • Purpose: To display “IP location” in admin download statistics
  • When: Only if you enable “Show IP location in stats” and open stats details in wp-admin.
  • Data sent: IP address from your click logs, from your server to the chosen provider (requests are cached).(仅用于展示归属地,且有缓存减少请求)
  • Caching: Results are cached for 168 hours (7 days) by default to reduce API calls.(默认缓存 168 小时(7 天)以减少 API 调用)
  • User control: You can disable this feature at any time in plugin settings.(可在插件设置中随时禁用此功能)
  • Data Flow: Your server IP Geolocation API Your server (IP addresses are sent for location lookup)
  • Privacy Impact: IP addresses are considered personal data in some jurisdictions; cached results help minimize exposure
  • Data Deletion: Cached geolocation data automatically expires after 7 days; IP addresses in click logs can be deleted from admin stats page
  • Terms of Service:
    • ipapi: https://ipapi.co/terms/
    • ip-api: https://ip-api.com/docs/legal
    • ipinfo: https://ipinfo.io/terms-of-service
  • Privacy Policies:
    • ipapi: https://ipapi.co/privacy/
    • ip-api: https://ip-api.com/docs/legal
    • ipinfo: https://ipinfo.io/privacy-policy

Third-party libraries

phpqrcode

  • Library: phpqrcode (LGPL-3.0)
  • Purpose: On-site QR code generation for WeChat unlock functionality
  • License: GNU Lesser General Public License v3.0
  • License URI: https://www.gnu.org/licenses/lgpl-3.0.html
  • Usage: Used for generating unlock QR codes without external dependencies
  • Compatibility: LGPL-3.0 is compatible with GPLv3

Screenshots

  • Image
    Download card UI(下载卡片样式)
  • Image
    Post editor meta box(编辑器下载面板)
  • Image
    File tree page(文件树页面)

Installation

  1. Upload the cosmautdl folder to /wp-content/plugins/.
  2. Activate the plugin in “Plugins”.
  3. Go to “CosmautDL” in wp-admin and configure:
    • Drive management(网盘管理:启用/重命名/排序)
    • Route prefix(跳转路由前缀)
    • Download page modules and optional unlock settings(下载页模块与可选解锁设置)
  4. Edit a post/page, fill in cloud-drive links in the CosmautDL meta box, and publish.

FAQ

How do I add a download card to a post?(如何生成下载卡片?)

Edit a post/page, find the CosmautDL meta box, paste cloud-drive links (and extraction codes if any), then update/publish. The plugin renders the card automatically on the frontend.

I see 404 on /downloads/{id}.html. What should I do?(下载页 404 怎么办?)

Go to “Settings Permalinks” and click “Save Changes” once to refresh rewrite rules. Also ensure your site supports pretty permalinks.(建议开启固定链接)

What data does CosmautDL store for statistics?(统计会记录哪些数据?)

It stores click logs in your own database table, including post_id, drive type, IP, user agent, referer, timestamp, etc. This is used only for download statistics and can be deleted from the stats page.

Does the plugin make external requests by default?(默认会对外请求吗?)

No. External requests happen only if you enable:

  • “WeChat unlock”(微信扫码解锁)
  • “IP geolocation in stats”(统计页 IP 归属地展示)

Can I customize the redirect prefix and drive list?(能自定义跳转前缀和网盘列表吗?)

Yes. You can change the redirect prefix in settings, and enable/rename/reorder providers in “Drive management”. There is also an “Other” type for custom links.

Does this plugin depend on a specific theme?(兼容主题吗?)

No. CosmautDL uses WordPress routing and template hooks and aims to be compatible with most themes. If your theme or cache plugin is aggressive, clear caches after changes.

Is multisite supported?(支持多站点吗?)

CosmautDL is primarily tested on single-site installations. For multisite, please test in a staging site first.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“CosmautDL” is open source software. The following people have contributed to this plugin.

Contributors

Translate “CosmautDL” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.8

  • 2026-02-14 Maintenance: Tested up to WordPress 6.9, minor code improvements and compatibility enhancements.(维护更新:测试兼容 WordPress 6.9,代码优化与兼容性改进)

1.0.7

  • 2026-01-25 Maintenance: Bundle on-site QR code generation library for unlock QR rendering and tighten admin capability checks.(维护更新:内置站内二维码生成库用于解锁二维码渲染,并收紧后台权限校验)

1.0.6

  • 2026-01-15 Security: Comprehensive security hardening including SQL injection fix, AJAX URL hardcoding removal, nonce verification for download redirects, and full AJAX handler nonce checks.(全面安全加固:包括 SQL 注入修复、移除 AJAX URL 硬编码、下载跳转 nonce 验证、以及完整的 AJAX 处理器 nonce 检查)

1.0.5

  • 2026-01-10 Security: Add nonce verification for admin AJAX actions.(后台 AJAX 安全加固)

1.0.4

  • 2026-01-06 Fix download stats details expansion and ensure click logs capture IP/UA.

1.0.3

  • 2026-01-03 Smart recognition of cloud drive links in the editor meta box.(编辑器网盘链接智能识别)

1.0.2

  • 2026-01-02 Initial release with download page, file tree, and click statistics.

Meta

Ratings

No reviews have been submitted yet.

Add my review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum

Donate

Would you like to support the advancement of this plugin?

Donate to this plugin