Title: Secure Draft Preview Links Author: savedprompt Published: 2026 年 5 月 27 日 Last modified: 2026 年 5 月 27 日 --- 搜尋外掛 ![](https://ps.w.org/secure-draft-preview-links/assets/banner-772x250.png?rev=3550514) ![](https://ps.w.org/secure-draft-preview-links/assets/icon-256x256.png?rev=3550514) # Secure Draft Preview Links 由 [savedprompt](https://profiles.wordpress.org/savedprompt/) 開發 [下載](https://downloads.wordpress.org/plugin/secure-draft-preview-links.1.0.0.zip) * [詳細資料](https://tw.wordpress.org/plugins/secure-draft-preview-links/#description) * [使用者評論](https://tw.wordpress.org/plugins/secure-draft-preview-links/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/secure-draft-preview-links/#installation) * [開發資訊](https://tw.wordpress.org/plugins/secure-draft-preview-links/#developers) [技術支援](https://wordpress.org/support/plugin/secure-draft-preview-links/) ## 外掛說明 **Secure Draft Preview Links** lets you generate a cryptographically secure, unguessable link for any draft post so that people without a WordPress account can read it before it goes live. #### How it works 1. Open any draft post or page in the editor. 2. Check **Enable public preview** in the Publish panel (Classic Editor) or Status& Visibility panel (Block Editor). 3. Copy the generated link and share it with anyone. 4. The recipient can view the draft without logging in. 5. Uncheck the box or set the expiry to **Expired** to revoke access immediately. #### Editor features * Works with both the **Classic Editor** and the **Block Editor** (Gutenberg). * Checkbox to enable / disable preview — shown even on auto-draft posts (disabled with a “save first” hint). * When a post is published the checkbox automatically disables and shows “Not available for published posts”. * Preview URL displayed in a monospace code box — horizontally scrollable, click to select all. * **Copy** button and **Open preview** button inline with the URL box. * **Generate new link** button — invalidates the old link immediately, with a confirmation step before firing. * **Stop sharing** confirmation bar — shown when unchecking the checkbox, requires explicit confirmation before removing the link. * Expiry selector with four options: - **48 hours** — default, shows exact time remaining (e.g. “Expires on: Apr 29 · 14:32 (4h 12m remaining)”). - **Always available** — link never expires. - **Custom time** — set Days, Hours, and Minutes; live “Expires on:” display updates as you type; shows error if all fields are cleared without saving. - **Expired (disable now)** — immediately invalidates the link without deleting the token. * Expiry settings auto-save on change with a “Expiry setting saved.” confirmation message. * Block Editor: snackbar notices for every action (enable, disable, copy, generate new link). * Block Editor: **Open public preview** item added to the Preview dropdown (WordPress 6.7+). #### Preview Links admin page * Dedicated **Preview Links** menu item in the WordPress admin sidebar. * Two tabs: **Active** and **Expired**, each showing a count badge. * **Paginated table** — 20 items per page, with top and bottom pagination controls. * Per-row columns: Post title, Post type, Exact expiry time, Preview URL, Share buttons, Actions. * **Copy URL** and **Open preview** icon buttons inline with the URL. * **Share buttons**: Facebook, X (Twitter), LinkedIn, Email — captions include the post title and expiry time (omitted for never-expires links). * **Regenerate** button — generates a new token with a confirmation dialog; old link stops working immediately. * **Stop Sharing** button — removes the token with a confirmation dialog. * **Edit Post** link opens in a new tab. * Confirmation dialogs use an inline modal (no browser `confirm()`) with clear messaging about consequences. * Toast notifications slide up from the bottom-right on every action. #### Security * Tokens are 64-character cryptographically random hex strings generated with ` random_bytes()`. * Token validation uses `hash_equals()` to prevent timing attacks. * Expired links return a **410 Gone** HTTP response. * Invalid tokens return a **403 Forbidden** HTTP response. * Preview link is automatically removed when a post is published, made private, or trashed. * All AJAX endpoints are protected with nonces and capability checks. * No data is exposed to unauthenticated users beyond the post content itself. #### Post list table * **Public Preview** badge shown next to post titles that have an active preview link. * **Public Preview** filter view in the post list table to quickly find all posts with active links. #### Technical * Works with all viewable public post types (posts, pages, and custom post types). * Pagination links on multi-page posts are rewritten to include the preview token. * Token meta is registered with the REST API for block editor compatibility. * No external dependencies — pure PHP, jQuery (Classic Editor), and WordPress’s own React/wp-components (Block Editor). ## 螢幕擷圖 [⌊Block Editor — Enable public preview checkbox in the Status & Visibility panel with URL code box and expiry settings.⌉⌊Block Editor — Enable public preview checkbox in the Status & Visibility panel with URL code box and expiry settings.⌉[ Block Editor — Enable public preview checkbox in the Status & Visibility panel with URL code box and expiry settings. [⌊Classic Editor — Enable public preview checkbox in the Publish meta box.⌉⌊Classic Editor — Enable public preview checkbox in the Publish meta box.⌉[ Classic Editor — Enable public preview checkbox in the Publish meta box. [⌊Preview Links admin page — Active tab with paginated table and share buttons.⌉⌊ Preview Links admin page — Active tab with paginated table and share buttons.⌉[ Preview Links admin page — Active tab with paginated table and share buttons. [⌊Preview Links admin page — Expired tab.⌉⌊Preview Links admin page — Expired tab .⌉[ Preview Links admin page — Expired tab. [⌊Confirmation dialog before generating a new link.⌉⌊Confirmation dialog before generating a new link.⌉[ Confirmation dialog before generating a new link. ## 安裝方式 1. Upload the `secure-draft-preview-links` folder to `/wp-content/plugins/`. 2. Activate the plugin through the **Plugins** screen in WordPress. 3. Open any draft post or page in the editor. ## 常見問題集 ### Does this work for custom post types? Yes. The panel appears on all viewable public post types automatically. ### What happens when the link expires? Visitors see a “Preview Link Expired” page with a 410 HTTP status. The token remains stored so you can see it in the Preview Links page, but it no longer grants access. ### Can I share the link with multiple people? Yes — the link is not tied to any specific user or session. ### What happens when the post is published? The preview token is automatically deleted and visitors are redirected to the live permalink. ### Is the preview link secure? Yes. Each token is a 64-character cryptographically random hex string generated with `random_bytes()`. It is validated using `hash_equals()` to prevent timing attacks. ### Can I set a custom expiry time? Yes. Choose **Custom time** from the expiry dropdown and enter Days, Hours, and Minutes. The link will stop working after that duration. You can also choose **Always available** for a link that never expires. ### How do I revoke access immediately? Either uncheck **Enable public preview** (and confirm in the dialog), or select ** Expired (disable now)** from the expiry dropdown. Both invalidate the link instantly. ### Can I regenerate the link without disabling it? Yes. Click **Generate new link** — after confirming, a new token is created and the old link stops working immediately. The expiry settings are preserved. ### Where can I see all my preview links? Go to **Preview Links** in the WordPress admin sidebar. It shows all active and expired links across all post types, with share buttons and management actions. ## 使用者評論 這個外掛目前沒有任何使用者評論。 ## 參與者及開發者 以下人員參與了開源軟體〈Secure Draft Preview Links〉的開發相關工作。 參與者 * [ savedprompt ](https://profiles.wordpress.org/savedprompt/) [將〈Secure Draft Preview Links〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/secure-draft-preview-links) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/secure-draft-preview-links/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/secure-draft-preview-links/), 或透過 [RSS](https://plugins.trac.wordpress.org/log/secure-draft-preview-links/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/secure-draft-preview-links/)。 ## 變更記錄 #### 1.0.0 * Initial release. * Secure token generation using `random_bytes()` with `hash_equals()` validation. * Works with Classic Editor and Block Editor (Gutenberg). * Custom expiry: 48 hours (default), always available, custom Days/Hours/Minutes, or expire immediately. * Live “Expires on:” display with exact time remaining. * Regenerate and stop-sharing actions with inline confirmation dialogs. * Preview Links admin page with Active/Expired tabs, pagination, and social share buttons (Facebook, X, LinkedIn, Email). * Auto-removal on publish, private, or trash. * “Public Preview” badge and filter view in the post list table. * Pagination support for multi-page posts. * Block Editor: snackbar notices, Preview dropdown menu item (WP 6.7+). * Disabled state with contextual hints for published posts and unsaved drafts. ## 中繼資料 * 版本 **1.0.0** * 最後更新 **1 個月前** * 啟用安裝數 **少於 10 次** * WordPress 版本需求 ** 6.5 或更新版本 ** * 已測試相容的 WordPress 版本 **6.9.4** * PHP 版本需求 ** 8.0 或更新版本 ** * 語言 * [English (US)](https://wordpress.org/plugins/secure-draft-preview-links/) * 標籤: * [draft](https://tw.wordpress.org/plugins/tags/draft/)[preview](https://tw.wordpress.org/plugins/tags/preview/) [preview link](https://tw.wordpress.org/plugins/tags/preview-link/)[public](https://tw.wordpress.org/plugins/tags/public/) [share](https://tw.wordpress.org/plugins/tags/share/) * [進階檢視](https://tw.wordpress.org/plugins/secure-draft-preview-links/advanced/) ## 評分 這個項目尚無任何評論記錄。 [Your review](https://wordpress.org/support/plugin/secure-draft-preview-links/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/secure-draft-preview-links/reviews/) ## 參與者 * [ savedprompt ](https://profiles.wordpress.org/savedprompt/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/secure-draft-preview-links/)