Bypass a WordPress Password Protected Page via url

admin管理员组

文章数量:1129221

I have a password protected page and I'd like to get it accessible also with a direct link with the password in url.

I found this solution, and it works perfectly unless you try to access the page the usual way through the default password form. In this case you get notices like Undefined index: pwd.

Same notices in admin dashboard. I fixed this by adding if is_admin() condition, but not the previous issue.

Any suggestion will be highly appreciated.

I have a password protected page and I'd like to get it accessible also with a direct link with the password in url.

I found this solution, and it works perfectly unless you try to access the page the usual way through the default password form. In this case you get notices like Undefined index: pwd.

Same notices in admin dashboard. I fixed this by adding if is_admin() condition, but not the previous issue.

Any suggestion will be highly appreciated.

• password

Share Improve this question edited May 26, 2023 at 7:58 Christian70 asked May 26, 2023 at 7:57 Christian70Christian70 2111 silver badge33 bronze badges

Add a comment  | 

2 Answers 2

Sorted by: Reset to default 2

In case somebody needs help about my topic, I've fixed the notice error by modifying the original code as following:

// BYPASS PASSWORD PRETECTED PAGE URL
add_filter( 'post_password_required', function( $returned, $post ) {   
if ( !is_admin() ) {
    if (strpos($_SERVER['REQUEST_URI'], 'pwd') !== false){  
        if( $returned && ( $_GET['pwd'] ==  $post->post_password ) )
            $returned = false;          
    }   
} else {        
    $returned = true;   
}
return $returned;
}, 10, 2 );

What you're trying to accomplish poses a significant security risk and is generally not advised. Passing passwords via URL can expose sensitive information because URLs are logged in various places like browser history, network routers, and server logs.

However, if you're aware of these security implications and you have a valid use case for this, there is a possible solution you could consider: instead of passing the actual password in the URL, pass a uniquely generated token that maps to the password on the server side.

Here's a rough idea of how this could be done:

1. Generate a unique token for each password protected page. You could store these tokens in the database and associate each with the appropriate page.

2. When a user accesses a page via the special URL containing the token, your code intercepts the request, checks the token against the database, and if it matches, it programmatically submits the password and bypasses the password form.

3. If the user accesses the page via the normal URL, they would be presented with the password form as usual, since no token is being passed.

This is still not an ideal solution and would require quite a bit of custom code to implement correctly. Furthermore, it still presents a security risk as tokens could be intercepted and used by unauthorized individuals.

If you need to share access to password protected content with several users, you might want to consider using a membership plugin or a user role management plugin, which could provide a more secure way to manage access.

本文标签： Bypass a WordPress Password Protected Page via url