Installation Instructions

1. Upload the post-password-token folder to your /wp-content/plugins/ directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Configure the plugin through its Admin page to customize the parameters used to create the tokens
4. When you create a password protected post you'll have an extra post-meta box that shows the URL that you can distribute

FAQ

So, what do I have to do?

Not much. After you install the plugin all you have to do is set a password on a post using WordPress' standard Password Protection Functionality. After the password is set and you've saved the post there will be a new meta box on the post edit screen (in the center content area, below the post-content editor) that will present you with a full URL to the post including the token. Distribute this URL to give people automatic access to your post.

Does the normal password functionality still work?

Yes, this still functions as normal.

Accessing a password-protected post by its standard url will still show the expected password dialog, but when a reader accesses a password-protected post by its secret Password Token url, they will be automatically authenticated and be able to see the full content.

Do I have to do anything special to generate tokens for my old password-protected content?

No. Since the tokens aren't stored but instead generated when needed there's no need to to do anything but navigate to the post edit page for your protected post to retrieve your token.

How long does a secret url last?

The url itself lasts forever, unless you change it. Additionally, accessing a post by its secret url will set an authentication cookie for the user that lasts for 10 days.

Can I have a single token for all protected content?

Not yet.

Can I set the post visibility on a per post basis?

Not yet.

How do I revoke a secret url?

If you need to revoke the secret urls for an individual post, you can simply change the post password. Once you save the post it will create new secret urls and invalidate the old ones: the old url will no longer automatically log readers in and they'll be asked to enter a password if they use that URL.

You can also revoke all secret urls site-wide (the "nuclear" option). To do so, go to the plugin admin page and change the password salt.

Does this work with caching plugins such as WP Super Cache?

Yes. The token in the URL triggers a unique cache. Be aware that this does create a potential security risk. Not huge, but potential. If you don't want these pages cached then use the settings in your caching plugin to keep urls with ppt= in the url from being cached.

I found a bug. Where can I submit it?

If you've run into unexpected behavior while using the plugin, please file a bug report at http://top-frog.com/contact.

Changelog

1.2.2

• Added exclude for proper exclusion of pages when wp_list_pages is called
• Deprecated support for WP < 3.0

1.2.1

• Properly applied user levels check to admin menu item

1.2

• Tested compatible with WordPress 3.0b2
• Added security check around menu item. Only users with manage_options can view the settings page
• Consolidated options in to single wp_options entry
• Don't show tokens for non-published posts
• Added support for WordPress 3.0 custom post types
• Upped version requirement to 2.8 - I no longer want to test versions prior to 2.8 ;)

1.1.1

• Added more documentation
• Added WordPress Help Center badge
• Tested up to WordPress 3.0b1

1.1

• Adding the ability to hide protected posts from general view
• rearranged the admin options to separate salt & general options saving
• updated documentation

1.0.2

• Minor fixes to related URLs and version numbers

1.0.1

• Moving plugin info page off of GitHub
• Unifying page names in admin page calls
• Tested up to 2.8.5
• Moving all information & bug submission links away from GitHub

1.0

• initial release