Jellyfin-WordPress Integration

Secure Media Server Bridge · Open Source Plugin Development

Engineered a custom WordPress plugin to securely bridge a private Jellyfin media server with public web presence, implementing server-side AJAX proxying to protect API keys while displaying "Now Playing" data.

Executive Summary

Overview

Security-First Architecture: Implemented a server-side request model in which WordPress communicates privately with the Jellyfin API and exposes only safe data (Artist/Track) to the browser, keeping API keys on the server and out of anything the browser receives.

Protocol Bridging Solution: Built toggle functionality to handle HTTPS/HTTP mixed content conflicts that typically break local-home integrations, enabling seamless operation across different server configurations.

Automated YouTube Discovery: Added dynamic YouTube search link generation for current tracks, transforming static display into an interactive music discovery tool.

GPL-v3 Open Source Release: Published under GPL license to help others solve similar "Home-to-Web" integration challenges with a battle-tested, lightweight solution.

Why I Built This

The Challenge: Fighting Data Entropy

The "Security vs. Social" conflict - wanting to share what I was listening to without exposing sensitive API keys or falling victim to mixed content blocks that break local-home integrations.

API Key Security

Standard client-side integrations expose API keys in page source - a massive security hole that needed complete elimination through server-side architecture.

Mixed Content Blocks

HTTPS sites blocking HTTP Jellyfin data due to browser security policies, requiring a protocol-bridging solution that respects both security and functionality.

Architectural Win

The Solution: Non-Destructive Virtualization

Built a server-side proxy plugin that handles all API communication privately, then serves only safe metadata to the client. Added protocol bridging and YouTube discovery to make it both secure and interactive.

Server-Side AJAX Proxy

Implemented the WordPress server as a secure intermediary that handles all Jellyfin API communication privately and exposes only sanitized metadata to the frontend.
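A sketch of the proxy pattern described above, as an added example that is not the plugin's own source. The option names (jf_server_url, jf_api_key), the AJAX action name, the 15-second cache, and the use of Jellyfin's /Sessions endpoint with its NowPlayingItem, Name and Artists fields are assumptions.

```php
<?php
// Added example, not the plugin's code. Option names, action name and the
// Jellyfin endpoint/fields used below are assumptions.
add_action('wp_ajax_jf_now_playing', 'jf_now_playing');        // logged-in visitors
add_action('wp_ajax_nopriv_jf_now_playing', 'jf_now_playing'); // anonymous visitors

function jf_now_playing() {
    // Key and base URL are read from wp_options and never echoed or localized.
    $base = untrailingslashit((string) get_option('jf_server_url', ''));
    $key  = (string) get_option('jf_api_key', '');
    if ($base === '' || $key === '') {
        wp_send_json_error(array('message' => 'not configured'), 503);
    }

    // Short cache so public page views do not each hit the home server.
    $cached = get_transient('jf_now_playing');
    if ($cached !== false) {
        wp_send_json_success($cached);
    }

    // Server-to-server call: the browser never sees this URL or the header.
    $resp = wp_remote_get($base . '/Sessions', array(
        'timeout' => 5,
        'headers' => array('Authorization' => 'MediaBrowser Token="' . $key . '"'),
    ));
    if (is_wp_error($resp) || wp_remote_retrieve_response_code($resp) !== 200) {
        // Generic error only: upstream host, status and body stay server-side.
        wp_send_json_error(array('message' => 'unavailable'), 502);
    }

    $out      = array('playing' => false);
    $sessions = json_decode(wp_remote_retrieve_body($resp), true);
    foreach (is_array($sessions) ? $sessions : array() as $session) {
        $item = is_array($session) ? ($session['NowPlayingItem'] ?? null) : null;
        if (!is_array($item)) {
            continue;
        }
        // Allow-list: copy out track and artist only. User names, device
        // names, session ids and client addresses are never forwarded.
        $artists = array_filter((array) ($item['Artists'] ?? array()), 'is_string');
        $out = array(
            'playing' => true,
            'track'   => sanitize_text_field((string) ($item['Name'] ?? '')),
            'artist'  => sanitize_text_field(implode(', ', $artists)),
        );
        break;
    }
    set_transient('jf_now_playing', $out, 15);
    wp_send_json_success($out);
}
```

Building the response from an allow-list, rather than deleting sensitive keys from the upstream JSON, means a field added in a later Jellyfin release cannot leak by default. The frontend should still insert the two strings with textContent or equivalent escaping.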

Protocol-Agnostic Design

Built configurable protocol handling to gracefully navigate HTTPS/HTTP conflicts without breaking user experience or compromising security.

A production-ready, low-maintenance plugin using a simple shortcode, [jellyfin_now_playing], that works reliably across different server configurations while maintaining zero API key exposure.