Mikesoft TeamVault

Private document workspace for WordPress teams, agencies, and operations that need controlled file sharing outside the Media Library.

Current plugin version: 2.6.3.

2,000+ total downloads on WordPress.org, with dozens of new downloads every day.

If TeamVault is useful to you, consider sponsoring the project on GitHub — it is developed and maintained for free, and sponsorships help keep it going.

Overview

Mikesoft TeamVault adds a private document workspace inside the WordPress admin. It is designed for teams that need to organize, preview, export, and share sensitive files without exposing them through normal Media Library URLs.

Files are stored in protected storage and delivered through authenticated WordPress handlers instead of public media URLs.

Typical use cases include:

• internal company documents
• agency-to-client document delivery from WordPress admin
• partner or vendor file exchanges
• back-office archives that should stay out of the public Media Library

Core capabilities include:

• private storage outside the normal Media Library workflow
• shared access for authorized internal users
• folder creation, rename, move, and delete operations
• drag-and-drop uploads with file validation
• inline preview for supported file types, including PDFs
• ZIP export for folders or the full document library
• activity logging for operational traceability
• maintenance tools for orphan cleanup and storage reindex

Governance capabilities (all free, since 2.6):

• TeamVault groups to organize users into departments or teams, independent from WordPress roles
• per-folder permissions with granular actions (view, upload, download, delete, manage) for users and groups, with inheritance and explicit child overrides
• preview-only access that allows viewing without download or ZIP export
• per-user and per-group storage quotas enforced before upload
• access reports (who viewed or downloaded what) with filters and a CSV export of the activity log
• email notifications for upload, download, delete, and access-denied events
• light white-label branding (name, logo, accent color) inside the plugin screens

Latest Release

Version 2.6 brings a full document governance suite to the free plugin: TeamVault groups, per-folder permissions with inheritance and granular actions (view, upload, download, delete, manage), preview-only access, per-user and per-group storage quotas, access reports with CSV export, email notifications, and light white-label branding. Upload errors are now specific (disallowed extension with the allowed list, or actual versus maximum size), and the admin interface was refreshed for responsiveness and accessibility across the WordPress dashboard. These features were previously planned as a paid add-on and are now included for free; existing installs are unaffected because folders with no rules keep the prior behavior.

Why teams adopt TeamVault:

• it creates a dedicated private document area instead of overloading the Media Library
• it adds capability-based access control with an optional whitelist layer, plus per-folder permissions and groups for finer governance
• it keeps export, maintenance, and recovery workflows focused on operational files

Requirements

• WordPress 6.0 or later
• PHP 8.0 or later
• Writable storage path for private documents
• ZipArchive available on the server for export features

Installation

Recommended

Install the plugin from the WordPress.org Plugin Directory so the site receives standard update notifications.

1. In WordPress admin, go to Plugins > Add New.
2. Search for Mikesoft TeamVault.
3. Click Install Now and activate the plugin.
4. Open TeamVault > Settings to review access, storage, and file rules.

Manual

1. Download the release package from WordPress.org.
2. Upload it to wp-content/plugins/mikesoft-teamvault/.
3. Activate the plugin from the Plugins screen.

Access Model

• File workspace access uses the manage_private_documents capability.
• New activations grant that capability to Administrators only.
• The manage_private_documents capability grants full TeamVault workspace access, including upload, rename, move, download, export, and delete actions.
• Optional whitelist mode adds a second authorization layer for selected users.
• Per-folder permissions (since 2.6) add fine-grained control on top of the capability: when a folder has explicit rules, access is limited to the granted users/groups and actions, with inheritance from parent folders; folders with no rules keep the capability-based behavior. Administrators always retain full access.
• Settings, groups, quotas, notifications, reports, activity logs, whitelist management, maintenance tools, and uninstall data controls require manage_options.

When whitelist mode is enabled, keep the current administrator account in the allowed users list before saving settings. On sites upgraded from older releases, review existing role capabilities and whitelist settings if Editors previously had TeamVault access.

Storage

• Default storage path: wp-content/uploads/private-documents/
• The plugin can use a custom writable path configured in settings.
• Storage is protected with server-level deny files where supported.
• Apache/LiteSpeed can enforce the generated .htaccess; IIS can enforce web.config; Nginx requires an equivalent server rule that denies direct requests to /wp-content/uploads/private-documents/.
• For high-sensitivity deployments, prefer a custom storage path outside the public webroot.
• The sidebar storage widget shows only the space used by TeamVault files, to avoid exposing misleading hosting quota values on shared environments.

If a site is migrated without copying the private storage folder, TeamVault records may remain in the database while the original binaries are missing. The settings screen includes cleanup and reindex tools for those scenarios.

Support

• End-user support: WordPress.org support forum
• Email: teamvault@mikesoft.it
• Website: mikesoft.it
• Security reports: see SECURITY.md
• Support continued open-source maintenance: GitHub Sponsors

Development Quick Check

Install development dependencies with Composer, then run the standard validation commands:

composer install
composer lint
composer test
composer ci

composer lint checks all repository PHP files outside generated dependencies. composer test runs the lightweight PHPUnit suite with the repository bootstrap. GitHub Actions also runs WordPress Plugin Check against a clean runtime build of the plugin.

Repository Guide

This repository is the public source mirror for the plugin.

• Product and installation information for WordPress.org users lives in readme.txt.
• Full release history lives in changelog.txt.
• Repository policies live in CONTRIBUTING.md, CODE_OF_CONDUCT.md, and SECURITY.md.
• Maintainer and developer notes live in docs/.

Branding Assets

• .wordpress-org/assets/icon-256x256.png is the primary full-color icon for the WordPress.org listing.
• .wordpress-org/assets/icon.svg is the scalable companion asset for the WordPress.org listing.
• .wordpress-org/assets/screenshot-1.jpg is the primary file manager screenshot used by the WordPress.org listing and this README.
• assets/logo-teamvault.svg is the in-plugin admin logo used inside the TeamVault interface.

These assets serve different surfaces and should stay aligned to the same brand without forcing the runtime plugin UI to match WordPress.org packaging constraints.

Documentation Map

• docs/developer/hooks.md - developer hooks and filters
• docs/maintainer/local-development.md - local development workflow
• docs/maintainer/release.md - WordPress.org release process

License

GPL v2 or later. See LICENSE.