Description
Erdo Draft Links lets you generate a secure, token-based URL for any draft, private, or published post or page. Share it with clients, reviewers, or collaborators — they can read the content without needing a WordPress account.
Think of it like Google Docs’ “Anyone with the link can view” — but for WordPress.
How it works
- Open any post or page in the editor (Block Editor or Classic Editor).
- Click “Generate Draft Link” in the sidebar panel or meta box.
- Choose an expiry: 24 hours, 48 hours, 7 days, or never.
- Share the link. Recipients can view the content — no login needed.
Features
- Works with both the Block Editor (Gutenberg) and the Classic Editor
- Supports posts, pages, and any custom post type via a filter
- Secure 32-character cryptographic tokens — brute-force resistant
- Configurable expiry: 24 hours, 48 hours, 7 days, or no expiry
- View count tracking per link
- Revoke or regenerate any link at any time
- Tokens are stored hashed in the database — raw tokens are never stored after the redirect
- Two-step flow: token URL cookie clean permalink (token never appears in browser history)
- No external API calls, no phone-home, no subscriptions
- Translation-ready (English default, Turkish included)
Developer Notes
Developers can add support for custom post types using the erdo_draft_links_supported_post_types filter:
add_filter( 'erdo_draft_links_supported_post_types', function( $types ) {
$types[] = 'product';
return $types;
} );
Source Code
The full source code including build tools is included in the plugin’s assets/js/src/ directory.
Installation
- Upload the
erdo-draft-linksfolder to the/wp-content/plugins/directory. - Activate the plugin through the Plugins menu in WordPress.
- Open any post or page and find the Erdo Draft Links panel in the editor sidebar or meta box.
FAQ
-
Does this work with custom post types?
-
Yes. By default Erdo Draft Links supports posts and pages. Add more post types using the
erdo_draft_links_supported_post_typesfilter. -
Yes. Tokens are 32 characters of cryptographic randomness generated by WordPress’s built-in
wp_generate_password. The raw token appears in the URL only once — subsequent visits use a signed HttpOnly cookie. Tokens are stored as SHA-256 HMAC hashes in the database. -
What happens when a link expires?
-
The recipient sees a clear message: “This draft link has expired and is no longer accessible.” The post remains a draft — nothing is published.
-
Can I have multiple active links for the same post?
-
Currently one active link per post. Regenerating creates a new token and resets the view count.
-
Does this work with password-protected posts?
-
No. Erdo Draft Links is designed for draft and private posts. Password-protected posts use WordPress’s own mechanism.
-
Does this plugin affect site performance?
-
Erdo Draft Links only runs on requests that include a
?erdo_token=parameter or a valid session cookie. Normal site traffic is not affected.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Erdo Draft Links” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Erdo Draft Links” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.1
- Fix: Replace deprecated
current_time('timestamp')withtime()for correct UTC handling.
1.0.0
- Initial release.