Cloudflare stream Video Protection WordPress Plugin in Action

Cloudflare Stream offers its own free plugin which, actually, has limited functionalities. So we created our version of a cloudflare stream wordpress plugin. 😉

We tested the “official” wordpress plugin but in our case, that was not enough. We needed to integrate the functionality of signed URL into our WP to protect our videos because, in the end, we wanted to prevent our videos to be downloadable by anyone.

Our cloudflare stream wordpress plugin tokenizes the streaming and generates one shortcode for each video that you can embed wherever you want in your wordpress. If you want to know more, you can read our detailed blog post.

It easily integrates signed URL capabilities (video protection) in your WordPress installation (classic, Gutenberg, and WPBackery), and allows stream only from certain domains.

The core functionalities we needed (and the problems we solved) were:

A) protect our videos by allowing only some domain origins directly from Wordpress, pretty much as you do manually in CF:


B)
make the video ID hidden from public as normally it isn’t:

Ie. if you take your video ID and paste it after this URL you will see that the video streams perfectly publicly:
https://watch.cloudflarestream.com/yourNumericIDgoesHere

C) to have a “panic button” that would unsign all the videos URLs in bulk. So, in case anything would happen with the tokenisation (e.g. Wordpress updates, sudden plugin incompatibilities or malfunctions, etc) we would have insured our users the streaming, even if unprotected.


D)
a Shortcode so to embed the videos wherever in our Wordpress (pretty much as the official CF plugin is doing)


E)
managing all the streaming parameters (autoplay, poster, loop, etc)


So we made this cloudflare stream wordpress plugin that is working in 4 simple steps:

  1. A setting page get all the CF basic parameters (ID, email, API key, etc):

    There you can also set a Buffer time. Which will be added to the video length.
    E.g. if your video last 5 min and your buffer time is 5 min, the generated token for the streaming session will be invalidated after 10 minutes.

  2. You can add your video as you would do with a normal WP page, giving it a title and inserting your video ID taken directly from CF stream interface:

    Once you hit “publish” it will automatically whitelist the current domain only on CF, so that you don’t have to insert the domain origins via CF interface and sign the URL, de facto, protecting the video. E.g. if someone would want to grab your URL and copy it in a forum or download it.

  3. You get all your videos and their Shortcodes:
  4. you simply paste the Shortcode wherever you want in your Wordpress + add any parameter you want after it:wink:

Our cloudflare stream wordpress plugin allows for our videos to stream in a “protected way”, eg. instead of the ID, a time-bound token is shown on the DOM and the video ID remains hidden:

We hope this may be of any interest to anyone facing our same need vs Cloudflare stream video protection, signed URL, tokenization, etc.

We are pretty sure there are better, faster and more efficient ways to do this, so we are very open to read your thoughts, comments and expertise and to learn from it to improve our plugin :wink:

Download CF Video Protection WP Plugin

Read our FAQ or Get in touch with us for any comments, doubts or questions you may have.