Enhanced Protected Content

[gwagenknecht]

WordPress allows to protect posts or pages with passwords. This requires you to make the password available to all people that should see this page. Although this works well with small groups it doesn't scale if you want to publish some sensitive information that should not be available to search robots or anonymous browser but to a broader range (such as partners, regular blog readers or hiring managers).

I would like to see a system similar to the following in WordPress in the future. I don't know if it would be also possible to implement this in a plug-in.

Pages/Posts/Content can be marked "requires reader verification". Such content will only show a form requiring the reader to enter a token. If the reader doesn't have a token he is offered to receive one via email. A token will be generated and sent to the reader's email. He can then enter the token and view the content. However, the token is only valid during the current session and only for this particular content. All access to the content is tracked by WordPress. The access list is viewable in the Backend, eg. "Content XYZ viewed by someone@… on 2005-11-14 08:30 GMT+1".

Another option is to only allow registered useres to access content. This doesn't require generating and entering tokens. However, all access to the content should be tracked.

A third enhancment is to allow distribution of files/documents via this feature. Uploads are saved to a directory not accessible for the web server. Downloads are only possible via a token in the URL, eg. ​http://mypage.com/blog/downloads/XPP§9j"Ö9i8nkev/file.pdf. Again, the token is only valid for one request.

[markjaquith]

Plugin material