[WordPress] 外掛分享: RIACO Content Protector

首頁外掛目錄 › RIACO Content Protector
WordPress 外掛 RIACO Content Protector 的封面圖片
全新外掛
安裝啟用
尚無評分
35 天前
最後更新
問題解決
WordPress 6.2+ PHP 7.4+ v1.1.0 上架:2025-12-03

內容簡介

以下是 RIACO Content Protector 外掛的總結:
- RIACO Content Protector 外掛讓您可以使用簡碼來保護 WordPress 內容的任何部分。
- 與内建的文章密碼保護不同,此外掛僅保護您包裹的部分,而不是整個文章。
- 適用於保護付費內容區塊、指南、下載、連結或敏感部分等。

### 問題與答案:
1. RIACO Content Protector 外掛能夠保護 WordPress 內容的哪些部分?
- 可以保護任何部分,使用簡碼包裹起來。

2. 如果使用 RIACO Content Protector 外掛保護內容,當訪客輸入正確密碼後會發生什麼情況?
- 內容將立即解鎖,所有其他受保護的區域也會自動解鎖。
- 可選擇使用 cookie 保留解鎖的內容一段時間。

3. RIACO Content Protector 的安全性功能有哪些?
- 每次請求均使用 Nonces。
- 以安全的 HMAC 標記進行 cookie 認證。
- 清理簡碼屬性。
- 脫離的輸出。
- 不在 cookie 中存儲敏感資料。

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.1.0) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「RIACO Content Protector」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

RIACO Content Protector allows you to protect any part of your WordPress content using a shortcode.
Unlike the built-in post password protection, this plugin protects only what you wrap, not the whole post.
Perfect for:

Protecting premium blocks of content
Protecting guides, downloads, links, or sensitive sections
Paywall-style snippets

Features

Protect only specific content inside posts/pages
Uses a minimal shortcode:
[riaco_content_protector] Hidden text here [/riaco_content_protector]
Global password stored in plain text, like WordPress page passwords.
AJAX-based form — no page reload
Unlocks all protected sections on the site after correct password
Optional cookie persistence (remember unlocked content for a configurable number of days)
Secure implementation using nonces, hashed tokens, and transients
Developer-friendly: filters, actions, and JS custom events at every key point in the unlock flow

Important:

The global password is stored in plain text, just like WordPress page passwords. It can be read by user with ‘manage_options’ ability.
If the global password or “Remember Unlocked” duration is changed in settings, all existing unlock cookies are invalidated. Users will need to re-enter the new password to access protected content.

How It Works
Wrap content you want to protect:
[riaco_content_protector]
This text will be hidden until the visitor enters the password.
[/riaco_content_protector]

Set the global password under:
Settings > Content Protector
Visitors will see a modern, styled form.
After entering the correct password:

The content unlocks immediately
All other protected areas unlock automatically
An optional cookie can keep everything unlocked for a chosen number of days

Security

Nonces on every request
Secure HMAC token for cookie authentication
Sanitized shortcode attributes
Escaped output
No sensitive data stored in cookies
Global password stored in plain text, like WordPress page passwords.

Cookie
The default cookie name is riaco_cp_unlocked_global. The scope suffix global can be changed via the riaco_cp_cookie_scope filter, which also changes the cookie name accordingly.
Style
You can style the content protector box.
It has this class: .riaco-cp--container, so you can add in your style.css:
.riaco-cp--container {
background: #f8f9fa;
padding: 20px;
border: 1px solid #ddd;
border-radius: 6px;
}

You can replace button classes using:
add_filter( 'riaco_cp_button_classes', function( $classes ) {
return 'button my-custom-button-class';
});

Or you can remove button classes:
add_filter( 'riaco_cp_button_classes', function( $classes ) {
return str_replace( 'wp-element-button', '', $classes );
});

For Developers
The plugin exposes actions and filters at every key point so you can extend or customise behaviour without modifying plugin files.
Filters
riaco_cp_default_options — modify the option defaults written on first activation.

add_filter( 'riaco_cp_default_options', function( $defaults ) {
$defaults['remember_days'] = 30;
return $defaults;
});

riaco_cp_instance_id — override the computed instance ID for a protected block.

add_filter( 'riaco_cp_instance_id', function( $id, $atts, $content ) {
return ! empty( $atts['id'] ) ? 'my_prefix_' . $atts['id'] : $id;
}, 10, 3 );

riaco_cp_transient_expiry — change how long protected content is cached (default: `DAY_IN_SECONDS`).

add_filter( 'riaco_cp_transient_expiry', function( $seconds, $instance_id ) {
return HOUR_IN_SECONDS * 6;
}, 10, 2 );

riaco_cp_lock_message — customise the message shown above the password field.

add_filter( 'riaco_cp_lock_message', function( $message, $instance_id ) {
return __( 'Members only. Enter your access code:', 'my-theme' );
}, 10, 2 );

riaco_cp_unlocked_content — wrap or replace the HTML around unlocked content.

add_filter( 'riaco_cp_unlocked_content', function( $html, $content, $instance_id ) {
return '

' . $content . '

';
}, 10, 3 );

riaco_cp_cookie_args — modify the options passed to `setcookie()`.

add_filter( 'riaco_cp_cookie_args', function( $args, $cookie_name ) {
$args['samesite'] = 'Strict';
return $args;
}, 10, 2 );

riaco_cp_max_attempts — change the brute-force rate-limit threshold (default: 5).

add_filter( 'riaco_cp_max_attempts', function( $max ) {
return 10;
});

riaco_cp_rate_limit_window — change the rate-limit window in seconds (default: 15 minutes).

add_filter( 'riaco_cp_rate_limit_window', function( $seconds ) {
return 5 * MINUTE_IN_SECONDS;
});

riaco_cp_content_access — override the cookie check before protected content is rendered. Return `null` to use the default cookie check, `true` to force-grant access, or `false` to force the lock form.

add_filter( 'riaco_cp_content_access', function( $access, $instance_id, $atts ) {
// Grant access to logged-in users automatically.
if ( is_user_logged_in() ) {
return true;
}
return null; // Fall through to cookie check for guests.
}, 10, 3 );

riaco_cp_locked_html — replace or wrap the entire locked form HTML.

add_filter( 'riaco_cp_locked_html', function( $html, $instance_id, $atts ) {
return '

Subscribe to see this content.

';
}, 10, 3 );

riaco_cp_validate_password — override password validation. Return `null` to use the default `hash_equals` check, `true` to grant access, or `false` to deny. When non-null, the global password is not consulted.

add_filter( 'riaco_cp_validate_password', function( $result, $user_pass, $instance_id ) {
// Accept a secondary password for a specific block.
if ( $instance_id === 'riaco_cp_vip' && $user_pass === 'vip-secret' ) {
return true;
}
return null; // Defer to global password check.
}, 10, 3 );

riaco_cp_rate_limit_bypass — bypass the brute-force counter for trusted IP addresses.

add_filter( 'riaco_cp_rate_limit_bypass', function( $bypass, $ip_address ) {
$trusted = array( '127.0.0.1', '192.168.1.100' );
return in_array( $ip_address, $trusted, true );
}, 10, 2 );

riaco_cp_cookie_scope — change the cookie scope suffix (default: `'global'`). The cookie name becomes `riaco_cp_unlocked_{scope}`. Use this to implement per-post or per-instance independent lock states.

add_filter( 'riaco_cp_cookie_scope', function( $scope, $instance_id ) {
// Use a per-post cookie so each post unlocks independently.
return 'post_' . get_the_ID();
}, 10, 2 );

riaco_cp_ajax_response — inject additional fields into the JSON success response sent after unlock.

add_filter( 'riaco_cp_ajax_response', function( $data, $instance_id ) {
$data['redirect'] = home_url( '/members/' );
return $data;
}, 10, 2 );

riaco_cp_js_data — add extra data to the `RIACO_CP_Ajax` JavaScript object.

add_filter( 'riaco_cp_js_data', function( $data ) {
$data['my_feature_enabled'] = true;
return $data;
});

Actions
riaco_cp_loaded — fires after the plugin initialises; receives the `Plugin` instance.

add_action( 'riaco_cp_loaded', function( $plugin ) {
// $plugin->settings, $plugin->shortcode, etc. are available here.
});

riaco_cp_form_fields — inject extra hidden inputs or markup inside the password form.

add_action( 'riaco_cp_form_fields', function( $instance_id ) {
echo '';
});

riaco_cp_password_correct — fires when a visitor enters the correct password.

add_action( 'riaco_cp_password_correct', function( $instance_id ) {
// Log unlock event, fire analytics, etc.
});

riaco_cp_password_incorrect — fires on a failed attempt; `$attempts` is the running total for this IP.

add_action( 'riaco_cp_password_incorrect', function( $instance_id, $attempts ) {
if ( $attempts >= 3 ) {
// Send alert, block IP in your firewall, etc.
}
}, 10, 2 );

riaco_cp_cookie_set — fires after the unlock cookie is written.

add_action( 'riaco_cp_cookie_set', function( $cookie_name, $expire ) {
// Record unlock timestamp, sync to a log, etc.
}, 10, 2 );

riaco_cp_settings_page_after — fires after the free plugin's settings form. Use it to render your own `

` block with additional settings fields below the existing form.

add_action( 'riaco_cp_settings_page_after', function() {
// Render a separate settings form here.
});

JavaScript Custom Events
The plugin triggers jQuery custom events on the .riaco-cp--container element at key moments. Listen from any JavaScript file that loads after the plugin’s script.
riaco_cp:before_submit — fires just before the AJAX password call. Call `e.preventDefault()` to cancel the submission (the UI is restored automatically).

$(document).on('riaco_cp:before_submit', '.riaco-cp--container', function(e, instanceId, password) {
// e.preventDefault(); // uncomment to cancel submission
});

riaco_cp:unlock_success — fires after a successful AJAX response, before the container is replaced with unlocked content.

$(document).on('riaco_cp:unlock_success', '.riaco-cp--container', function(e, instanceId, responseData) {
console.log('Unlocked:', instanceId, responseData);
});

riaco_cp:unlock_error — fires on wrong password, rate-limit hit, or network/server failure.

$(document).on('riaco_cp:unlock_error', '.riaco-cp--container', function(e, instanceId, errorMessage) {
console.warn('Unlock failed for', instanceId, errorMessage);
});

License
This plugin is licensed under GPLv2 or later.

延伸相關外掛

文章
Filter
Mastodon