January 2012
Mon Tue Wed Thu Fri Sat Sun
« Jul   Feb »
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Month January 2012

Bypass the WordPress password form by using the_password_form

Last month, I found Kieran Lane’s blog post on bypassing the WordPress password-protected post form while researching how to allow a client to skip the password form via a URL parameter. Kieran’s solution required editing a WordPress core file, and at the time neither of us had found a less brittle way to solve the problem. Fortunately, it is possible to do just this by using WordPress’s the_password_form filter:

function bypass_password_form( $output ) {
  // Check for a hash of the password
  // exactly as in Kieran's example
  if ( $_GET['pwd'] == md5( $post->post_password ) ) {
    return apply_filters(
      'the_content',
      get_page( get_the_ID() )->post_content
    );
  }
  // Or return the output as normal
  return $output;
}
add_filter('the_password_form','bypass_password_form');

They are not well documented, but there is almost always a way to do something in WordPress using filters—it can just take a few weeks of digging to find the right one! If you are managing your own site, modifying the core files may be fine, but I encourage any WordPress contractors or developers to research and share ways they have found to avoid customizing the core. Having this kind of functionality in a plugin or your theme’s functions.php will make for fewer headaches for clients when they need to upgrade ;)