內容簡介
總結:這個 WordPress 外掛提供了一個在草稿預覽方面缺失的中間地帶,可以透過身分驗證和訪問控制列表來安全保護預覽,並提供分析和一鍵撤銷功能。
**問題與答案:**
1. 這個外掛提供了什麼缺失的中間地帶?
- 可以安全保護預覽,並具有身分驗證和訪問控制列表。
2. 這個外掛是如何保證隱私的?
- IP 地址是使用 hash_hmac(sha256, ip, wp_salt('auth')) 進行雜湊處理。
3. 這個外掛是否支援多種 WordPress 主題和元件?
- 是的,它與全站編輯主題、區塊主題、傳統基於 PHP 的主題、所有頁面構建器(包括 Elementor、WPBakery、Divi 等)、WooCommerce 產品草稿以及任何 CSS 框架(包括 Tailwind CSS v4+)無縫配合。
4. 這個外掛的預覽鏈接會自動過期嗎?
- 是的,它可以創建具有到期時間(預設為 72 小時,可配置)的預覽鏈接。
5. 如何撤銷所有與某篇文章相關的預覽鏈接?
- 可以使用「Revoke All」功能進行一鍵撤銷。
6. 這個外掛是否提供開發者友好的功能?
- 是的,它提供完整的文檔化過濾器和操作,乾淨的面向對象的代碼庫,PSR-4 自動加載以及豐富的內聯文檔。
外掛標籤
開發者團隊
② 後台搜尋「Secure Role-Restricted Draft Previews」→ 直接安裝(推薦)
原文外掛簡介
Why this plugin?
WordPress core preview links work well for editors, and Public Post Preview shares via anonymous nonces.
This plugin adds a missing middle ground: draft previews that are secured by authentication and access control
lists (ACLs) — role-based, user-specific, or per-email tokens — plus analytics and a one-click revoke-all.
Universal Compatibility
Works seamlessly with:
* Full Site Editing (FSE) themes
* Block themes (modern WordPress)
* Classic PHP-based themes
* All page builders including Elementor, WPBakery, Divi, etc.
* WooCommerce product drafts
* Any CSS framework including Tailwind CSS v4+
Key features
Create expiring preview links (default 72h; configurable).
Restrict by roles, specific users, or per-email tokens (no login for recipients).
Require HTTPS for previews (on by default).
Per-link analytics: allowed/denied events, hashed IP, user agent (privacy-friendly).
Meta box in the editor (Post/Page by default; filterable) to generate, copy, and revoke.
“Revoke All” for a post.
Everything prefixed (srpl_), sanitized, and aligned with WordPress coding standards.
How it works
Each generated link has a unique token, TTL, and ACL:
Role-based Access: Requires login. Only users with allowed roles can view the preview.
User-based Access: Requires login. Only specific user IDs can access the preview.
Email Token Access: No login required. Recipients receive unique URLs with email verification tokens.
When a link is visited, SRPL validates the token, expiry, and ACL, then renders the draft with your theme’s header/footer. Events are logged (when enabled) to a small custom table (wp_srpl_events) with hashed IP for privacy.
Privacy
IPs are hashed using hash_hmac(sha256, ip, wp_salt('auth')).
You can disable analytics entirely under Settings → Secure Previews.
Developer Friendly
Fully documented filters and actions
Clean, object-oriented codebase
PSR-4 autoloading
Extensive inline documentation
Developer Documentation
Filters
srpl_supported_post_types – Modify post types that support preview links
srpl_default_ttl_hours – Change default expiration time (in hours)
srpl_force_ssl – Control whether previews are forced to use HTTPS
srpl_analytics_enabled – Enable or disable analytics collection
Functions
LinkManager::create($post_id, $args) – Create a new preview link
LinkManager::revoke($link_id) – Revoke a specific link
LinkManager::revoke_all_for_post($post_id) – Revoke all links for a post
LinkManager::find_by_token($token) – Find a link by its token
Database Structure
Post Meta for Links: _srpl_token, _srpl_mode, _srpl_roles, _srpl_users, _srpl_emails, _srpl_expires, _srpl_revoked, _srpl_hits, _srpl_last_access
Analytics Table: wp_srpl_events (link_id, post_id, user_id, outcome, ip_hash, ua, created_at)
License
This plugin is free software, licensed under the GPL v2 or later.
