Uploady

Self-hosted file upload software, honestly reviewed. Built for the person who needs a clean upload page without running Nextcloud.

TL;DR

• What it is: A self-hosted PHP file upload script with role-based access, an admin panel, and optional virus scanning — no cloud dependencies, no vendor bills [README].
• Who it’s for: Small teams, developers, or solo operators who need a simple, controllable upload endpoint. Think internal submission portals, client file delivery, or replacing “just email me the file.”
• Cost savings: Commercial alternatives like Filestack or Uploadcare charge $49–$199/mo and up for API-based file uploads. Uploady is MIT-licensed, runs on any PHP host for $3–10/mo, and costs nothing in software fees [README].
• Key strength: Genuinely simple stack (PHP 8 + MySQL + Bootstrap 5.3), Docker deployment in minutes, and five layers of upload security including optional ClamAV virus scanning [README].
• Key weakness: 112 GitHub stars as of this review — a small, single-developer project with no official website, no public roadmap, and near-zero community coverage. This is not enterprise infrastructure.

---

What is Uploady

Uploady is a PHP-based file upload application you install on your own server. It gives you a drag-and-drop upload interface, an admin panel for managing what was uploaded, role-based access control over who can upload what size, and a REST API for integrating uploads into other tools [README].

The GitHub description is intentionally plain: “Simple File Uploading Software” [README]. That’s accurate. This isn’t trying to be Nextcloud or a full file manager — it’s specifically a file uploader: someone hits a URL, drops files, gets a link. You manage those files from a backend panel.

The tech stack is conservative by design: PHP 8.x, MySQL 5.7+, Bootstrap 5.3, Composer for dependencies. No Node.js, no Redis, no message queues. If you’ve ever deployed a WordPress site, you can deploy Uploady [README].

The project is maintained by a single developer (farisc0de) and is listed in the awesome-selfhosted directory under “File Transfer - Single-click & Drag-n-drop Upload” [1] — a category that includes well-known tools like Jirafeau and PsiTransfer. At 112 stars, it’s in the “small but functional” tier of the self-hosted ecosystem. There is no public company behind it, no managed cloud offering, and no official website beyond the GitHub repository.

---

Why people choose it

Honest answer: there are no independent reviews of Uploady available. The project doesn’t have enough reach for tech journalists or comparison blogs to have covered it yet. What follows is synthesized from the README, the codebase structure, and the context of what problem this category of software solves.

People end up on Uploady because they searched for “self-hosted file upload” and hit the awesome-selfhosted list [1]. The alternatives in that same category — Jirafeau, PsiTransfer, FilePizza — are all focused on anonymous, no-account sharing (think Firefox Send). Uploady is different: it has user accounts, roles, an admin panel, and persistent storage with optional auto-deletion. That’s a different use case. You’re not building a temporary file drop; you’re building a managed upload portal.

The typical scenario: a small agency wants clients to submit large files without emailing them or paying for a Dropbox Business account. Or a developer needs to accept file uploads in an internal tool without wiring up AWS S3 and presigned URLs from scratch. Uploady handles both with a web UI and a REST API, on infrastructure you already control.

---

Features

Based on the README, Uploady ships with:

Upload handling:

• Multi-file upload with drag-and-drop and real-time progress tracking [README]
• Five layered protection levels: MIME type validation, extension whitelist, per-role file size limits, forbidden filename blocking, and optional ClamAV virus scanning [README]
• Auto-delete rules: files can expire after X days or X downloads [README]
• Social sharing links for uploaded files [README]

Admin panel:

• Dashboard with charts and usage statistics [README]
• Full file management: browse, delete, search [README]
• Role-based access control — different user roles get different upload size caps [README]
• IP address, browser, OS, and country logged per upload (for abuse tracking) [README]

Customization:

• Custom CSS/JS injection, custom logo, custom favicon [README]
• Google AdSense and Analytics integration hooks [README]
• Multi-language interface with RTL (right-to-left) support [README]
• Custom pages system — add static pages (terms, privacy, FAQ) to the same domain [README]

Integration:

• REST API with API key authentication [README]
• Report Abuse system — visitors can flag uploaded content [README]

Deployment options:

• Standard PHP shared hosting install [README]
• Docker + docker-compose [README]
• macOS via Homebrew (development use) [README]

Notable absences: there’s no built-in CDN layer, no S3 or object storage backend, no thumbnail generation for images, no preview rendering for documents. Files land in an uploads/ directory on the server running the app. That’s a deliberate trade-off for simplicity, but it means you’re responsible for backup and disk management.

---

Pricing: SaaS vs self-hosted math

Uploady is MIT-licensed software. The license costs $0 [README]. You pay for the server it runs on.

Commercial alternatives for comparison:

Service	What you get	Monthly cost
Filestack	API-based upload widget + CDN + transformations	$49–$199/mo
Uploadcare	Upload widget + CDN + image processing	$39–$149/mo
Cloudinary (uploads)	Upload API + storage + transformations	Free tier, then $89/mo+
WeTransfer Pro	Managed file transfers, no self-host	$16.65/mo
Dropbox Business	Full file sync platform	$15/user/mo

Self-hosted with Uploady:

• Software: $0 (MIT)
• A $5/mo VPS (Hetzner, Contabo, DigitalOcean) handles light to moderate upload traffic
• A $10–15/mo VPS if you’re storing significant files long-term and need more disk

For a small agency accepting client file deliveries — let’s say 10–50 uploads per week — Uploady on a $6 Hetzner box costs $6/mo with no per-upload fees, no storage tier surprises, and files that live exactly where you put them. Filestack’s entry tier at $49/mo for the same volume is roughly $516/year more expensive.

The math is straightforward. What’s less straightforward is the operational overhead: you own the backups, the SSL certificate, and the “disk is full” alert at 2am. That trade-off is the same as any self-hosted tool — Uploady doesn’t change the equation, it’s just at the lighter end of the complexity spectrum.

Pricing data for competitors sourced from their respective public pricing pages; Uploady has no pricing page (open source, no commercial offering).

---

Deployment reality check

The standard install path is manual PHP deployment: upload files, run composer install, edit a config file with database credentials, set directory permissions, navigate to install.php, delete it after [README]. If you’ve deployed a PHP application before, this is familiar and takes about 20 minutes on a fresh VPS.

The Docker path is cleaner for anyone who prefers containers: git clone, update four lines in config/config.php, run docker-compose up -d [README]. MySQL is included in the compose file. This is the path to recommend to anyone who doesn’t want to manage PHP extensions manually.

What you actually need:

• PHP 8.0+ with pdo, pdo_mysql, gd, fileinfo, json, mbstring extensions [README]
• MySQL 5.7+ (or the bundled Docker container)
• Composer
• A domain and reverse proxy for HTTPS (not included, configure separately with Caddy or nginx)
• Optional: ClamAV installed and running for virus scanning [README]

Realistic time estimates:

• Developer comfortable with PHP deployments: 15–30 minutes
• Developer using Docker Compose: 20–40 minutes including domain setup
• Non-technical founder following a step-by-step guide: 1–3 hours

What can go sideways:

• ClamAV setup is genuinely optional, but if you enable the “Virus Scanner” toggle in admin without ClamAV actually installed and running, uploads will silently fail or throw errors. The README documents the ClamAV install for Ubuntu/Debian, CentOS, and macOS separately [README], which is helpful — but you need to follow it precisely.
• No HTTPS out of the box. You add a reverse proxy. If you skip this step, credentials and uploaded file content transmit in plaintext. This is not unique to Uploady, but worth stating.
• Disk management is manual. Uploady stores files in uploads/ on the local filesystem. No S3 backend, no automatic cleanup beyond the per-file expiration rules you configure. Fill your disk and the upload page will break.
• The project has one maintainer. There’s no SLA, no paid support tier, no company backing it. If a PHP 8.4 compatibility issue appears, you’re waiting on a single GitHub contributor.

---

Pros and cons

Pros

• Dead simple stack. PHP + MySQL is the most universally supported web stack. Nearly every shared host already has it. No Docker expertise required for basic deployment [README].
• Genuinely MIT-licensed. No “community vs commercial” split, no Fair-code gotchas, no feature gating. The full source is yours [README][1].
• Five-layer upload security. MIME validation, extension whitelist, size limits, filename blocking, and optional ClamAV — more than most competitors in this weight class offer by default [README].
• Role-based access control. Not just “upload or don’t” — roles get different file size limits, which is useful for multi-tier client access [README].
• RTL and multi-language support. Uncommon for tools in this category; useful if your users are Arabic or Hebrew speakers [README].
• Built-in abuse reporting. Public upload portals need a way for people to flag content. Most lightweight uploaders don’t include this [README].
• REST API included. You can integrate Uploady programmatically — trigger uploads from external tools, query file metadata, manage through scripts [README].
• No runtime dependencies beyond PHP. No Node.js, no Redis, no Elasticsearch. Fewer moving parts = fewer failure modes.

Cons

• 112 GitHub stars. This is a small, niche project. Small community means slower bug fixes, fewer tutorials, and higher risk of abandonment. It’s not a reason to avoid it, but it’s something to weigh for anything you’re building critical workflow around.
• No official website or documentation site. The README is the documentation. It’s reasonably complete, but there’s no searchable docs, no FAQ, no community forum [README].
• Single maintainer. One person (farisc0de) owns the project. Long-term maintenance risk is real for a tool you’re deploying in production.
• Local filesystem storage only. Files land in uploads/ on the server. No S3, no object storage, no CDN integration. Scaling beyond one server means rethinking the architecture yourself.
• No preview or thumbnail generation. Upload an image, get a link. No in-browser preview, no document rendering, no media handling. If you need those, look elsewhere.
• Google AdSense integration is a first-class feature. The README prominently lists AdSense support alongside legitimate features like ClamAV and RBAC. If you’re deploying this internally, you’ll never use this feature — but it signals the tool’s original design target: public-facing file hosts that monetize with ads. Internal tools don’t need this.
• Data collection is on by default. IP address, browser, OS, and country are logged for every upload. That’s useful for abuse tracking, but it’s also something to audit against your privacy policy if you’re in a GDPR-relevant context.
• No built-in backup or disaster recovery tooling. You manage your own backups of both the database and uploads/ directory.

---

Who should use this / who shouldn’t

Use Uploady if:

• You need a managed upload portal — user accounts, roles, admin panel — not just an anonymous file drop.
• Your team is comfortable with PHP deployments or you’re already on shared PHP hosting.
• You want MIT-licensed software with no commercial licensing complications.
• You need to accept file uploads from clients or external parties without paying per-upload fees or per-GB storage charges.
• The feature set in the README covers what you need, and you’re not planning to build on top of it extensively.

Skip it (use Nextcloud instead) if:

• You need file management — syncing, versioning, editing, calendaring, contacts — not just file upload and retrieval.
• You want a polished, enterprise-supported platform with a dedicated security team and regular CVE disclosures.

Skip it (use Jirafeau or PsiTransfer instead) if:

• You want zero-account anonymous temporary file sharing — send a link, file expires, no user management needed.
• Simplicity is the only goal and you don’t need roles, admin panel, or API.

Skip it (use Filestack or Uploadcare instead) if:

• You need a JavaScript upload widget you can embed in your existing app with minimal backend work.
• You want CDN delivery, image transformations, or document previews out of the box.
• You don’t want to manage a server.

Skip it (don’t deploy yet) if:

• You’re building anything at scale or with security-critical file handling and you need a project with a larger contributor base and active security disclosures.

---

Alternatives worth considering

Jirafeau — Minimalist single-click file upload. No user accounts, no roles, no admin panel. Just “upload file, get link, file expires.” Better for anonymous temporary drops; worse for managed portals. MIT licensed, PHP-based, widely used.

PsiTransfer — Another minimal anonymous file drop. Node.js instead of PHP. No accounts, simple configuration. Good for “send me a file” use cases, not for managing who uploaded what.

Filebrowser — More of a web-based file manager than an upload tool. Works with the local filesystem, has user accounts and permissions, and lets you browse/upload/download. Closer to a lightweight Nextcloud than a dedicated uploader. MIT licensed, Go binary.

Nextcloud — The full self-hosted file platform. If you find yourself wanting thumbnails, document preview, versioning, mobile sync, and calendar integration, Nextcloud is the obvious direction. Significantly more complex to operate than Uploady.

Seafile — Nextcloud alternative. Better performance on large file sync workloads. More complex to install, more actively maintained than Uploady, commercial tier available.

S3 + presigned URLs — If you’re a developer integrating file uploads into an application, the “self-hosted” version of this is MinIO (S3-compatible object storage) with presigned upload URLs. No UI, maximum flexibility, requires code. Not the same tool category as Uploady but solves a related problem.

Filesender — Academic/research sector file transfer software. Heavy, enterprise-grade, built for large files and notifications. Far more complex than Uploady.

For the non-technical founder who wants to stop emailing files back and forth, the realistic shortlist is Uploady vs Jirafeau. Pick Uploady if you need user management and an admin panel. Pick Jirafeau if you want something you can forget is running.

---

Bottom line

Uploady occupies a specific, underserved slot: a PHP file upload portal with real access control and an admin panel, free to self-host, simple enough to deploy in an afternoon. It’s not trying to be Nextcloud. It’s trying to be a clean intake form for files, with enough security and management tooling to use in a real business context without embarrassment.

The honest concern is scale — not load, but project scale. At 112 stars with no website and a single maintainer, Uploady is software you use because it solves your problem today, not software you bet a production system on for the next five years. If it gets abandoned, you’re running something unmaintained on a PHP stack that will eventually need security patches.

For a low-stakes use case — agency collecting client assets, internal submission portal, replacing a shared Dropbox folder — the risk/reward math is fine. Deploy it, enjoy the zero software cost, and have a migration plan. For anything involving sensitive documents or high upload volume, the single-maintainer risk deserves more weight in your decision.

If the server setup is the blocker, that’s exactly what upready.dev handles for clients — one-time deployment, you own the infrastructure.

---

Sources

1. Awesome-Selfhosted — “File Transfer - Single-click & Drag-n-drop Upload” listing including Uploady. https://git.libox.fr/Clones/awesome-selfhosted (mirror of https://github.com/awesome-selfhosted/awesome-selfhosted)

Primary sources:

• GitHub repository and README: https://github.com/farisc0de/Uploady (112 stars, MIT license)
• Filestack pricing: https://www.filestack.com/pricing
• Uploadcare pricing: https://uploadcare.com/pricing
• WeTransfer Pro pricing: https://wetransfer.com/pricing