Last month, I found Kieran Lane’s blog post on bypassing the WordPress password-protected post form while researching how to allow a client to skip the password form via a URL parameter. Kieran’s solution required editing a WordPress core file, and at the time neither of us had found a less brittle way to solve the problem. Fortunately, it is possible to do just this by using WordPress’s the_password_form filter:
function bypass_password_form( $output ) {
// Check for a hash of the password
// exactly as in Kieran's example
if ( $_GET['pwd'] == md5( $post->post_password ) ) {
return apply_filters(
'the_content',
get_page( get_the_ID() )->post_content
);
}
// Or return the output as normal
return $output;
}
add_filter('the_password_form','bypass_password_form');
They are not well documented, but there is almost always a way to do something in WordPress using filters—it can just take a few weeks of digging to find the right one! If you are managing your own site, modifying the core files may be fine, but I encourage any WordPress contractors or developers to research and share ways they have found to avoid customizing the core. Having this kind of functionality in a plugin or your theme’s functions.php will make for fewer headaches for clients when they need to upgrade ;)