Cloudflare stream Video Protection WordPress Plugin in Action

Cloudflare Stream offers its own free plugin which, actually, has limited functionalities. So we created our Power Tools for Cloudflare Stream Wordpress plugin. 😉

We tested the “official” WordPress plugin but in our case, it was not powerful enough.

We needed to integrate the functionality of signed URLs into WordPress to protect our videos because, in the end, we wanted to prevent our videos to be downloadable by anyone.

CF Power Tools WordPress plugin tokenises the streaming process and generates one shortcode for each video that you can embed wherever you want in WordPress. If you want to know more, you can read our detailed blog post.

It easily integrates the signed URL capabilities (video protection) in your WordPress installation (classic, Gutenberg, and WPBackery), and allows streaming only from domains that you add to the allow list.

The core functionalities we needed (and the problems we solved) were:

A) protect our videos by allowing only some domain origins directly from WordPress, pretty much as you do manually in CF:


B)
make the video ID hidden from public.. yes, normally it isn’t!!

Ie. if you take your video ID and paste it after this URL you will see that the video streams perfectly publicly:
https://watch.cloudflarestream.com/yourNumericIDgoesHere

C) to have a “unlock button” that would un-sign all the videos URLs in bulk. So, in case anything would happen with the tokenisation (e.g. WordPress updates, sudden plugin incompatibilities or malfunctions, etc) we would have ensured that users can still stream the videos, even if unprotected.


D)
a Shortcode so to embed the videos wherever in  WordPress (pretty much as the official CF plugin is doing)


E)
managing all the streaming parameters (autoplay, poster, loop, etc)


So we made this Cloudflare Stream Wordpress plugin that is working in 4 simple steps:

  1. A setting page get all the CF basic parameters (ID, email, API key, etc):
  2. There you can also set a Buffer time. Which will be added to the video length.
    E.g. if your video last 5 min and your buffer time is 5 min, the generated token for the streaming session will be invalidated after 10 minutes.
  3. You can add your video as you would do with a normal WordPress page, giving it a title and inserting your video ID taken directly from CF stream interface:
  4. Once you hit “publish” or “update” it will automatically add the current domain to the allow list only on CF, so that you don’t have to insert the domain origins via CF interface and sign the URL, de facto, protecting the video. E.g. if someone wanted to grab your URL and copy it in a forum or download it.
  5. You get all your videos and their shortcodes:
  6. you simply paste the Shortcode wherever you want in your Wordpress + add any parameter you want after it:wink:

Our CF Power Tools wordpress plugin allows for our videos to stream in a “protected way”, eg. instead of the ID, a time-bound token is shown on the DOM and the video ID remains hidden:

We hope this may be of any interest to anyone facing our same need vs Cloudflare stream video protection, signed URL, tokenisation, etc.

We are pretty sure there are better, faster and more efficient ways to do this, so we are very open to read your thoughts, comments and expertise and to learn from it to improve our plugin :wink:

Get CF Power Tools Wordpress Plugin

Read our FAQ or feel free to get in touch with us for any comments, doubts or questions you may have.