Docs
← Back to site

Google Cloud Storage

4 min readUpdated June 28, 2026

Google Cloud Storage is a globally distributed object storage service from Google Cloud. WP Media Cloud connects to GCS using HMAC credentials, which provide S3-compatible access to your buckets without requiring the full Google Cloud SDK.

Before you start#

You will need:

  • A Google Cloud account with billing enabled.
  • A Google Cloud project.
  • A GCS bucket.
  • An HMAC access key and secret for a service account with access to the bucket.

Step 1: Create a GCS bucket#

Go to the Google Cloud console and select your project. Go to Cloud Storage > Buckets and click Create. Configure the bucket as follows:

  • Name — choose a globally unique name, lowercase, no spaces
  • Location type — Multi-region for global availability, Region for a single location, or Dual-region for two paired regions. For WordPress media, Multi-region (US, EU, or ASIA) is the most common choice.
  • Storage class — Standard for frequently accessed media
  • Access control — leave Uniform selected (recommended by Google)
  • Public access prevention — uncheck Enforce public access prevention if you want to serve files publicly

Click Create.

Step 2: Make the bucket publicly readable#

To serve files publicly, grant the special allUsers principal the Storage Object Viewer role on the bucket.

Go to your bucket, click the Permissions tab, and click Grant Access. In the New principals field enter allUsers. Under Role select Cloud Storage > Storage Object Viewer. Click Save. Google will warn you that this makes files publicly accessible — confirm.

If public access prevention is enforced at the project level in your Google Cloud organisation, you may need to override it at the bucket level first.

Step 3: Create a service account#

Go to IAM & Admin > Service Accounts and click Create Service Account. Give it a name such as wp-media-cloud and click Create and Continue.

On the permissions step, grant the service account the Storage Object Admin role. Click Continue and then Done.

Step 4: Generate HMAC credentials#

Go to Cloud Storage > Settings in the Google Cloud console and select the Interoperability tab. Under Service account HMAC keys, find your service account and click Create a key.

Copy and save the Access Key and Secret before closing the dialog — the secret is only shown once.

HMAC keys provide S3-compatible access to GCS. They authenticate as the service account they belong to, so the service account must have the Storage Object Admin role on your bucket as set in step 3.

Step 5: Connect Google Cloud Storage in WP Media Cloud#

You have two options for connecting GCS to WP Media Cloud. Use whichever suits your setup.

Option A: Setup wizard

Go to WP Media Cloud > Setup Wizard. The wizard walks you through provider selection, credential entry, and CDN configuration. This is the recommended option for most users.

Option B: wp-config.php constants

Add the following constants above the /* That's all, stop editing! */ line in wp-config.php:

define( 'WPMC_PROVIDER',         'gcs' );
define( 'WPMC_GCS_LOCATION',     'auto' );
define( 'WPMC_GCS_ACCESS_KEY',   'your-hmac-access-key' );
define( 'WPMC_GCS_SECRET_KEY',   'your-hmac-secret' );
define( 'WPMC_GCS_BUCKET',       'your-bucket-name' );
define( 'WPMC_GCS_CDN_TYPE',     'custom' );
define( 'WPMC_GCS_CDN_URL',      'https://your-cdn.com' );

The WPMC_GCS_LOCATION value can be left as auto for most setups. Once the constants are in place, go to WP Media Cloud > Settings > Storage and confirm the plugin has loaded them. Constants override any values saved in the settings panel.

Step 6: Test the connection#

Click Test Connection. WP Media Cloud will upload a small test file to your GCS bucket and confirm it can be read back. A green success message confirms the connection is working.

Step 7: Configure CDN delivery (optional)#

GCS can serve files directly from the bucket’s public URL at https://storage.googleapis.com/[bucket-name]/[file-path]. For global edge caching and faster delivery, Google Cloud CDN can be configured in front of GCS, or you can use an external CDN such as Bunny CDN or Cloudflare with your bucket URL as the origin. Configure your CDN hostname in WP Media Cloud > Settings > CDN > Custom CDN URL.

Troubleshooting#

Connection test returns 403 Forbidden
The HMAC key does not have sufficient permissions. Confirm the service account the HMAC key belongs to has the Storage Object Admin role on the bucket. Also confirm the HMAC key is active in Cloud Storage > Settings > Interoperability.

Connection test returns 404 or bucket not found
The bucket name is incorrect. GCS bucket names are case-sensitive and globally unique. Confirm the name matches exactly what is shown in the Google Cloud console.

Files upload but return 403 when accessed publicly
The allUsers Storage Object Viewer permission has not been applied to the bucket, or public access prevention is enforced. Check the bucket’s Permissions tab and confirm allUsers has the Storage Object Viewer role. If public access prevention is showing as enforced, it may be set at the project or organisation level and needs to be overridden.

HMAC key not found or invalid
HMAC keys are tied to the service account that created them. If the service account was deleted or the key was deactivated, generate a new HMAC key under Cloud Storage > Settings > Interoperability.

This website uses cookies to enhance your browsing experience and ensure the site functions properly. By continuing to use this site, you acknowledge and accept our use of cookies.

Accept All Accept Required Only