| 开发者 | nerdcow |
|---|---|
| 更新时间 | 2026年7月11日 20:02 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
https://dev.example.com/..., so your production pages silently load images from staging. If the source environment is private, password-protected or taken down after launch, those images break.
This plugin fixes that automatically: it finds the external image URLs, pulls the files into your own Media Library, and updates the content so everything is served from your own domain.
Key features
169.254.169.254. All resolved A/AAAA records must be public.http and https, only ports 80 and 443, and URLs containing embedded credentials (user:pass@) are refused.photo-1024x670.webp), the plugin fetches the full original and lets WordPress regenerate every registered size locally, then points the markup at the matching local size.wp auei localise to sweep content that was saved before the plugin was active, with --dry-run, --post_type, --post_id and --limit options.src, data-src and data-lazy-src attributessrcset (every candidate, with width and density descriptors)url / src / href)background-image: url(...) in inline styleswp_insert_post_data) covers both.nerdcow-external-image-importer folder to wp-content/plugins/, or install the plugin through the Plugins > Add New screen.wp auei localise --dry-run to preview, then wp auei localise to apply.No - this is a core safety behaviour. Every download is verified to be a genuine, decodable image of the expected MIME type before any URL is rewritten. If the downloaded file is not a real image (for example a geo-blocked placeholder page or an error document), it is discarded and your original external URL is left exactly as it was. A broken local copy is never put in place of a URL that was working.
Yes. A single save hook (wp_insert_post_data) covers both the Block (Gutenberg) editor - which saves via the REST API - and the Classic editor.
Yes. It runs per site, so each site's external images are imported into that site's own Media Library.
They are preserved. The plugin only rewrites image URLs and remaps the attachment ID stored in Gutenberg blocks; it does not touch your alt text, captions or any other attributes.
JPEG, PNG, GIF, WebP, AVIF and BMP. SVG and ICO are excluded by default for security (SVG can embed script, and ICO is a common smuggling vector). If you fully trust your sources you can extend the allowed set via the auei_allowed_extensions filter, but doing so is at your own risk.
No. The plugin uses no external services and contains no tracking or analytics. The only outbound HTTP requests it makes are to the image URLs that already exist in your own content, purely to download those images into your local Media Library.
It imports the full-size original. WordPress content usually references a scaled image (for example photo-1024x670.webp); the plugin strips that -WxH suffix, fetches the full original, and lets WordPress regenerate every registered size locally - so you have the thumbnail, medium, large and full versions, just like a normal upload. The image in your content is then rewritten to the local copy at the same size it referenced, so the layout is unchanged. It also remaps the attachment ID stored in the block ("id":N / wp-image-N) to the new local attachment, so the editor's image controls keep working and no stale or colliding source ID is left behind. Both behaviours can be turned off with the auei_import_full_size and auei_remap_ids filters.
No. Before downloading, the plugin checks whether the image already exists in your Media Library and reuses it:
_auei_source_url post meta); andauei_reuse_by_filename filter if you prefer always-fresh imports.
Add the domain to the whitelist with the auei_whitelisted_domains filter. Whitelisted domains are never imported and their URLs are left untouched.
Yes - that is a core design goal. The built-in SSRF guard blocks requests to private, reserved, loopback, link-local, ULA and CGNAT addresses, plus the cloud metadata endpoint, and requires every resolved IP of a host to be public before any fetch happens.
"id":N / wp-image-N) to the new local attachment ID, so blocks never point at a stale or colliding ID on the destination._auei_source_url meta and (optionally) by previously-imported filename to avoid re-downloading.src, data-src, data-lazy-src, srcset, Gutenberg block JSON and CSS background-image.wp auei localise WP-CLI command with --dry-run, --post_type, --post_id and --limit options for retroactive fixes.auei_* filter set for whitelisting, allowed types, schemes and ports, caps and overrides.