Back to Blog

External Featured Image – Use External URLs as Featured Images

February 18, 2026 · Pawan

A lightweight WordPress plugin that stores external featured image URLs in a custom table with REST API support, secure updates, and theme compatibility.

Download Plugin
External Featured Image – Use External URLs as Featured Images

External Featured Image

A lightweight, secure WordPress plugin that allows you to use external URLs as featured images instead of uploading them to the Media Library. Unlike traditional methods, this plugin uses a custom database table for high performance and full REST API support.

🚀 Features

  • Custom Storage: Saves data in a dedicated wp_external_featured_images table to keep your wp_postmeta clean.
  • REST API Ready: View, create, or update external images via standard WordPress API endpoints.
  • Automatic Cleanup: Automatically deletes image data when a post is permanently deleted.
  • Secure by Design: Includes CSRF protection (Nonces), SQL injection prevention ($wpdb->prepare), and strict data sanitization.
  • Theme Compatible: Hooks into post_thumbnail_html to work seamlessly with most WordPress themes.

🛠 Installation

  1. Upload the external-featured-images folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Upon activation, the plugin will automatically create the necessary database table.

📖 Usage

In the Admin Dashboard

  1. Open any Post or Page editor.
  2. Locate the External Featured Image meta box in the sidebar.
  3. Paste your image URL (e.g., https://example.com/image.jpg) and save the post.

Via REST API

The plugin adds a new field external_featured_image to the Post object.

Fetch a Post's External Image (GET):

curl -X GET https://your-site.com/wp-json/wp/v2/posts/<ID>

Update/Set an External Image (POST):

Requires an Application Password.

curl -X POST https://your-site.com/wp-json/wp/v2/posts/<ID>     -u "username:application_password"     -d "external_featured_image=https://example.com/new-image.jpg"

🗄 Database Schema

The plugin creates one table: {prefix}external_featured_images.

ColumnTypeDescription
idbigintPrimary Key (Auto-increment)
post_idbigintThe ID of the WordPress Post (Unique)
external_urltextThe sanitized URL of the image

🔒 Security Measures

  • SQL Injection: All database queries are handled via $wpdb->prepare().
  • XSS Protection: Input is sanitized using esc_url_raw() and output is escaped with esc_url().
  • CSRF Protection: Nonce verification is used on all save actions.
  • Access Control: Uses current_user_can('edit_post') to ensure only authorized users can modify data.

Author: Pawan
Contributors: paw1xd
License: GPLv2
Current Version: 1.0

GitHub
X
instagram