Secure Role-Restricted Draft Previews
| 开发者 | pixypuala |
|---|---|
| 更新时间 | 2025年10月2日 23:00 |
| PHP版本: | 8.1 及以上 |
| WordPress版本: | 6.8 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
- Full Site Editing (FSE) themes
- Block themes (modern WordPress)
- Classic PHP-based themes
- All page builders including Elementor, WPBakery, Divi, etc.
- WooCommerce product drafts
- Any CSS framework including Tailwind CSS v4+ Key features
- Create expiring preview links (default 72h; configurable).
- Restrict by roles, specific users, or per-email tokens (no login for recipients).
- Require HTTPS for previews (on by default).
- Per-link analytics: allowed/denied events, hashed IP, user agent (privacy-friendly).
- Meta box in the editor (Post/Page by default; filterable) to generate, copy, and revoke.
- "Revoke All" for a post.
- Everything prefixed (
srpl_), sanitized, and aligned with WordPress coding standards.
- Role-based Access: Requires login. Only users with allowed roles can view the preview.
- User-based Access: Requires login. Only specific user IDs can access the preview.
- Email Token Access: No login required. Recipients receive unique URLs with email verification tokens.
wp_srpl_events) with hashed IP for privacy.
Privacy
- IPs are hashed using
hash_hmac(sha256, ip, wp_salt('auth')). - You can disable analytics entirely under Settings → Secure Previews.
- Fully documented filters and actions
- Clean, object-oriented codebase
- PSR-4 autoloading
- Extensive inline documentation
安装:
- Upload the plugin folder to
/wp-content/plugins/or install from WP.org. - Activate the plugin through the 'Plugins' menu in WordPress.
- Go to any Post/Page editor → sidebar meta box "Secure Preview Links".
- Generate a link (choose Mode + TTL). Copy the URL (for email mode, copy the per‑email URLs shown).
- Optional: configure defaults in Settings → Secure Previews.
常见问题:
Is this the same as Public Post Preview?
No. That plugin makes anonymous, expiring links. SRPL requires login for role/user modes and supports per‑email tokens. It also offers per‑link analytics and revoke‑all functionality.
Can I restrict by custom roles?
Yes. All editable roles are available. You can also filter supported post types via srpl_supported_post_types.
Does it support Custom Post Types?
Yes. Add your CPT slug to the srpl_supported_post_types filter:
add_filter('srpl_supported_post_types', function($post_types) {
$post_types[] = 'product'; // Add custom post type
return $post_types;
});
Is this plugin compatible with Full Site Editing (FSE), Block Themes, and Classic Themes?
Yes! Our plugin works seamlessly with:
- Full Site Editing (FSE) themes
- Block themes (modern WordPress)
- Classic PHP-based themes
- All page builders including Elementor, WPBakery, Divi, etc.
- WooCommerce product drafts
- Any CSS framework including Tailwind CSS v4+ The preview functionality renders drafts exactly as they would appear on your live site, regardless of your theme or page builder.
Will this leak draft content to search engines?
No. Links are opaque tokens; access is gated and previews are not discoverable by search engines.
How are analytics stored?
A lightweight table wp_srpl_events stores link id, post id, hashed IP, UA, user id (if logged), outcome, and timestamp. You can disable this in settings.
Can I change the default expiration time?
Yes, use the srpl_default_ttl_hours filter:
add_filter('srpl_default_ttl_hours', function($hours) {
return 168; // 1 week
});
How secure are the preview links?
Very secure. Links use cryptographically strong tokens that are non-guessable. Email tokens are deterministic but secure, using your site's nonce salt.
更新日志:
- Updated plugin assets for WordPress.org directory.
- Initial release.