Last month, I found Kieran Lane’s blog post on bypassing the WordPress password-protected post form while researching how to allow a client to skip the password form via a URL parameter. Kieran’s solution required editing a WordPress core file, and at the time neither of us had found a less brittle way to solve the problem. Fortunately, it is possible to do just this by using WordPress’s the_password_form
filter:
function bypass_password_form( $output ) { // Check for a hash of the password // exactly as in Kieran's example if ( $_GET['pwd'] == md5( $post->post_password ) ) { return apply_filters( 'the_content', get_page( get_the_ID() )->post_content ); } // Or return the output as normal return $output; } add_filter('the_password_form','bypass_password_form');
They are not well documented, but there is almost always a way to do something in WordPress using filters—it can just take a few weeks of digging to find the right one! If you are managing your own site, modifying the core files may be fine, but I encourage any WordPress contractors or developers to research and share ways they have found to avoid customizing the core. Having this kind of functionality in a plugin or your theme’s functions.php will make for fewer headaches for clients when they need to upgrade 😉
So do you have any idea of how you could use this function to modify the setcookie on the password protected page? The cookie is set in wp-pass.php for 10 days which is too long but I don\’t want to edit a core file. I\’ve tried using the_password_form function, but can\’t seem to get it to work. Would love to hear if you have any ideas. Thanks!
Interesting question. I haven\’t had the need to adjust that, so I had not looked into that possibility—I can\’t promise I\’ll be able to investigate, but I\’ll post here if I do if I learn anything.