Title: Post Password Token
Author: Shawn Parker
Published: <strong>2009 年 9 月 8 日</strong>
Last modified: 2023 年 7 月 6 日

---

搜索插件

**该插件尚未通过WordPress的最新3个主要版本进行测试**。 当与较新版本的WordPress一起
使用时，可能不再受到维护或支持，并且可能会存在兼容性问题。

![](https://s.w.org/plugins/geopattern-icon/post-password-plugin.svg)

# Post Password Token

 作者：[Shawn Parker](https://profiles.wordpress.org/shawnparker/)

[下载](https://downloads.wordpress.org/plugin/post-password-plugin.2.0.3.zip)

 * [详情](https://cn.wordpress.org/plugins/post-password-plugin/#description)
 * [评价](https://cn.wordpress.org/plugins/post-password-plugin/#reviews)
 *  [安装](https://cn.wordpress.org/plugins/post-password-plugin/#installation)
 * [开发进展](https://cn.wordpress.org/plugins/post-password-plugin/#developers)

 [支持](https://wordpress.org/support/plugin/post-password-plugin/)

## 描述

The Post Password Token plugin lets you issue secret urls that allow readers to 
access protected content without having to enter a password. It extends the default
WordPress post password protection functionality by creating secret urls to the 
post that have an encoded token. This is similar to the guest pass functionality
that can be found on Flickr.

#### Who is it for?

Sometimes you would like to share your blog posts with a specific group of people,
but not with the wider world. For example, a family might want to blog about their
adventures together for friends and family, but would rather not broadcast this 
to everyone. WordPress provides for this scenario by allowing you to password-protect
a post. Unfortunately, we’ve found through experience that a lot of our friends 
never make it past the password form. Either they mis-type the password, are confused
about what it is, or are simply scared off by an intimidating form.

The solution: give password-protected posts a secret url that can be shared with
friends and family. The url allows your select audience to see the content without
the confusion and hassle of an authentication form, while hiding the special content
from search spiders and the wider-world. You can revoke secret urls at any time,
so if a secret url gets to someone you don’t want it to, you can simply invalidate
it.

#### The Details

The encoded tokens are made by taking the post-name and post-password and encoding
them together. The plugin’s admin page also allows you to create a “salt”, or a 
unique key that makes the resulting encoded token more secure. Please note that 
once the salt option is set, changing it will change the secret urls for all posts.
Unless you want to invalidate all of your old secret urls, it is recommended that
you set the salt and leave it.

## 屏幕截图

 * [[
 * The Post Password Token plugin admin screen.

## 安装

 1. Upload the `post-password-token` folder to your `/wp-content/plugins/` directory
 2. Activate the plugin through the ‘Plugins’ menu in WordPress
 3. Configure the plugin through its Admin page to customize the parameters used to
    create the tokens
 4. When you create a password protected post you’ll have an extra post-meta box that
    shows the URL that you can distribute

## 常见问题

### So, what do I have to do?

Not much. After you install the plugin all you have to do is set a password on a
post using WordPress’ standard [Password Protection Functionality](https://codex.wordpress.org/Content_Visibility).
After the password is set and you’ve saved the post there will be a new meta box
on the post edit screen (in the center content area, below the post-content editor)
that will present you with a full URL to the post including the token. Distribute
this URL to give people automatic access to your post.

### Does the normal password functionality still work?

Yes, this still functions as normal.

Accessing a password-protected post by its standard url will still show the expected
password dialog, but when a reader accesses a password-protected post by its secret
Password Token url, they will be automatically authenticated and be able to see 
the full content.

### Do I have to do anything special to generate tokens for my old password-protected content?

No. Since the tokens aren’t stored but instead generated when needed there’s no 
need to to do anything but navigate to the post edit page for your protected post
to retrieve your token.

### How long does a secret url last?

The url itself lasts forever, unless you change it. Additionally, accessing a post
by its secret url will set an authentication cookie for the user that lasts for 
10 days.

### How to I add a page anchor to my url?

If you want to deep link in to a page, you can manually add the page anchor id to
the end of the url before sending out your link, ie: `https://example.com/?p=5&ppt
=04aa063124b672a0086fc68549a470a153b8324b776c265ff50c16640301a1f0#page-anchor`

### Can I have a single token for all protected content?

Not yet.

### Can I set the post visibility on a per post basis?

Not yet.

### How do I revoke a secret url?

If you need to revoke the secret urls for an individual post, you can simply change
the post password. Once you save the post it will create new secret urls and invalidate
the old ones: the old url will no longer automatically log readers in and they’ll
be asked to enter a password if they use that URL.

You can also revoke all secret urls site-wide (the “nuclear” option). To do so, 
go to the plugin admin page and change the password salt.

### Does this work with caching plugins such as WP Super Cache?

Yes. The token in the URL triggers a unique cache. Be aware that this does create
a potential security risk. Not huge, but potential. If you don’t want these pages
cached then use the settings in your caching plugin to keep urls with `ppt=` in 
the url from being cached.

### I found a bug. Where can I submit it?

If you’ve run into unexpected behavior while using the plugin, please file a bug
report at https://wordpress.org/support/plugin/post-password-plugin/.

## 评价

![](https://secure.gravatar.com/avatar/63e69b6ea12881f7b3cad95b05f84a0c2b89d8fc0650001f63a721f9d0ac5bfc?
s=60&d=retro&r=g)

### 󠀁[STILL works in 2018](https://wordpress.org/support/topic/still-works-in-2018-3/)󠁿

 [darkNiGHTS](https://profiles.wordpress.org/darknights/) 2018 年 2 月 22 日

Glad this plugin works because there’s nothing else like it and provides a really
good functionality. Does exactly what it says it does.

![](https://secure.gravatar.com/avatar/c7f8dd0fa652b664044f40ebeea76c9464b8e06386e63fed22d3d21a2aa751b8?
s=60&d=retro&r=g)

### 󠀁[Great for private websites](https://wordpress.org/support/topic/great-for-private-websites/)󠁿

 [gaertner](https://profiles.wordpress.org/gaertner/) 2016 年 9 月 3 日

You can publish your blog posts via generated link. the heading of the post is marked
with the text “Protected: “. Therefore I have a suggestion. It would be perfect 
if this is configurable. Either the text or an image with the option (pre or post
heading) so it can be adjusted individually. E.g. a picture of a lock behind the
heading. This would improve the readability. Maybe in next version?

 [ 阅读所有7条评价 ](https://wordpress.org/support/plugin/post-password-plugin/reviews/)

## 贡献者及开发者

「Post Password Token」是开源软件。 以下人员对此插件做出了贡献。

贡献者

 *   [ Shawn Parker ](https://profiles.wordpress.org/shawnparker/)
 *   [ gordonbrander ](https://profiles.wordpress.org/gordonbrander/)

[帮助将「Post Password Token」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/post-password-plugin)

### 对开发感兴趣吗?

您可以[浏览代码](https://plugins.trac.wordpress.org/browser/post-password-plugin/)，
查看[SVN仓库](https://plugins.svn.wordpress.org/post-password-plugin/)，或通过[RSS](https://plugins.trac.wordpress.org/log/post-password-plugin/?limit=100&mode=stop_on_copy&format=rss)
订阅[开发日志](https://plugins.trac.wordpress.org/log/post-password-plugin/)。

## 更新日志

#### 2.0.3

 * Fixed bug where protected posts weren’t being filtered from `get_posts`, thus
   showing up in `wp:navigation` blocks.
    ** `get_posts` _still_ has no fine grained
   filters, so this update feels a bit heavy.
 * Deprecated support for WP < 5.7

#### 2.0.2

 * Fixed a bug where the PPT Meta Box code would error on internal configuration
   pages where the Post wasn’t completely formed
 * Fix donation button application ID

#### 2.0.1

 * Include vendor directory to support autoloading
    ** A new autoloading scheme 
   will be used in the future to avoid committing the vendor directory

#### 2.0.0

 * Fixes and updates to support WordPress 5.9
 * Fixes and updates to support PHP 7.4+
 * Support `sha256` as a hashing algorithm (default for new installs, old installs
   can upgrade from md5)
 * Moderinized plugin code

#### 1.2.4

 * Fixed a bug that would use the wrong plugins_url when plugin was installed automatically
   via the wordpress admin
 * Show post short url in the Post edit interface
 * Removing reference to WP Help Center in contextual help
 * General code cleanup

#### 1.2.3

 * Updated Post Password cookie with new hashed password for WP >= 3.4

#### 1.2.2

 * Added exclude for proper exclusion of pages when `wp_list_pages` is called
 * Deprecated support for WP < 3.0

#### 1.2.1

 * Properly applied user levels check to admin menu item

#### 1.2

 * Tested compatible with WordPress 3.0b2
 * Added security check around menu item. Only users with `manage_options` can view
   the settings page
 * Consolidated options in to single `wp_options` entry
 * Don’t show tokens for non-published posts
 * Added support for WordPress 3.0 custom post types
 * Upped version requirement to 2.8 – I no longer want to test versions prior to
   2.8 😉

#### 1.1.1

 * Added more documentation
 * Added WordPress Help Center badge
 * Tested up to WordPress 3.0b1

#### 1.1

 * Adding the ability to hide protected posts from general view
 * rearranged the admin options to separate salt & general options saving
 * updated documentation

#### 1.0.2

 * Minor fixes to related URLs and version numbers

#### 1.0.1

 * Moving plugin info page off of GitHub
 * Unifying page names in admin page calls
 * Tested up to 2.8.5
 * Moving all information & bug submission links away from GitHub

#### 1.0

 * initial release

## 额外信息

 *  版本 **2.0.3**
 *  最后更新：**3 年前**
 *  活跃安装数量 **600+**
 *  WordPress 版本 ** 5.7 或更高版本 **
 *  已测试的最高版本为 **6.2.9**
 *  PHP 版本 ** 7.4 或更高版本 **
 *  语言
 * [English (US)](https://wordpress.org/plugins/post-password-plugin/)
 * 标签
 * [guest](https://cn.wordpress.org/plugins/tags/guest/)[password](https://cn.wordpress.org/plugins/tags/password/)
   [post](https://cn.wordpress.org/plugins/tags/post/)[token](https://cn.wordpress.org/plugins/tags/token/)
 *  [高级视图](https://cn.wordpress.org/plugins/post-password-plugin/advanced/)

## 评级

 4.9 星（最高 5 星）。

 *  [  6 条 5 星评价     ](https://wordpress.org/support/plugin/post-password-plugin/reviews/?filter=5)
 *  [  1 条 4 星评价     ](https://wordpress.org/support/plugin/post-password-plugin/reviews/?filter=4)
 *  [  0 条 3 星评价     ](https://wordpress.org/support/plugin/post-password-plugin/reviews/?filter=3)
 *  [  0 条 2 星评价     ](https://wordpress.org/support/plugin/post-password-plugin/reviews/?filter=2)
 *  [  0 条 1 星评价     ](https://wordpress.org/support/plugin/post-password-plugin/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/post-password-plugin/reviews/#new-post)

[查看全部评论](https://wordpress.org/support/plugin/post-password-plugin/reviews/)

## 贡献者

 *   [ Shawn Parker ](https://profiles.wordpress.org/shawnparker/)
 *   [ gordonbrander ](https://profiles.wordpress.org/gordonbrander/)

## 支持

有话要说吗？是否需要帮助？

 [查看支持论坛](https://wordpress.org/support/plugin/post-password-plugin/)

## 捐助

您愿意支持这个插件的发展吗?

 [ 捐助此插件 ](https://top-frog.com/projects/post-password-token/)