Tech

Published on December 15th, 2011 | by Kieran

5

Bypass a WordPress Password Protected Post or Page via a URL

I often use password protected posts and pages in WordPress to securely share content with friends and family. When they need want to look at the items they go to the page, enter the password and hey presto they are in. However, as clever as they all may be, getting them to enter even the simplest of password has proven to be a bit of a challenge. So I wanted an nice easy way to share a link or URL with them that would allow them to bypass the prompt for a password.

For example if the person went to http://www.domain.com/post/?password=PASSWORD they would be straight in without being asked for the password. I managed to achieve this by by editing /wp-includes/post_template.php and locating the section below.

It checks “Whether post requires password and correct password has been provided“, and returns a “false if a password is not required or the correct password cookie is present.” What I did was add a $_GET[‘password’] to look at the URL take the password from the URL, and to compare it with the actual password.

While you could put the password in plain text into the URL, I decided to use something like md5generator.net to convert the password into an MD5 string. The code below then compares the parsed password form the URL with the MD5 version of the password. This way, the link http://www.domain.com/post/?password=PASSWORD would become http://www.domain.com/post/?password=319f4d26e3c536b5dd871bb2c52e3178.

Simply add the above into /wp-includes/post_template.php like below

Now you will have the option of people visiting the post and entering the password or give them a link to bypass the password all together. Personally I use a URL shortner to make the URL a bit nice and also allows me to track visits to the URL.

Tags: , , , , ,


About the Author

has worked with computers and technology for over 20 years. Based in the United Kingdom, he works as a Solution Engineer for Salesforce, specialising in all things Commerce, Digital and the Internet. Predominantly blogging on KieranLane.com he can also be found on Twitter @KieranLane, Instagram and Flickr.



5 Responses to Bypass a WordPress Password Protected Post or Page via a URL

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Top ↑