Excluding private/protected posts via IP

Bypass Password Protected Posts

You are, unfortunately right about the lack of filters, and hacking the core is inevitable. One solutions that seems to work revolves around the sanitize_post_field() function which fires off a number of interesting filters if its $context argument is not set to raw.

The template function that is responsible for deciding whether to show the password field or the content is http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/post-template.php#L556

Notice how nice it would be to void the post_password? Let’s dig in…

See how the post is acquired through the get_post() function:
http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/post.php#L370

The function contains no filters or actions to hook into, but sanitize_post_field() contains some filters that can be hooked into, and post_password goes through that function.

Please refer to the function http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/post.php#L1676

Notice, however, that if $context == 'raw'; the function returns, and none of the filters are fired off. So a little core hack is required that will make the flow of the code reach those filters.

// wp-includes/post.php, line 557
-- $post = get_post($post);
++ $post = get_post($post, null, 'display');

Will force the $context to be anything but raw. This will permit to do something along the following lines:

function wpse31407_bypass_password( $value, $post_id, $context ) {
    $allowed_ips = array( '127.0.0.1', '255.255.255.255', ... );
    if (in_array( $_SERVER['REMOTE_ADDR'], $allowed_ips )) return '';
    else return $value;
}
add_filter( 'post_password', 'wpse31407_bypass_password', null, 3 );

This will effectively remove the password, so the test http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/post-template.php#L556 if ( empty($post->post_password) ) is evaluated to true allowing you to bypass the password. There should be no implications by getting the post with a display context, as it is used only for the retrieval of the post_password.

You can as well create your own filter in the core around the post_password_required() function mentioned above, not to overcomplicate things, maybe. Up to you.

Bypass Private Posts

Now, as for private posts, refer to this bit or query.php http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/query.php#L2649 as this is where the found post get stripped off of private entries.

And you’d be tempted to hook into the http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/query.php#L2625 posts_results filter and go in and alter the post_status for each post from private to public… however, as you may have seen the get_post_status() function works on its own copy of a post that it gets from get_post()… …which again has no filters but sanitize_post_field() does, which again requires a $context of anything but raw. So again:

// wp-includes/post.php, line 563
-- $post = get_post($post);
++ $post = get_post($post, null, 'display');

And hook into a filter to trick the function into thinking that the post is published by doing this:

function wpse31407_bypass_private( $value, $post_id, $context ) {
    $allowed_ips = array( '127.0.0.1', '255.255.255.255', ... );
    if (in_array( $_SERVER['REMOTE_ADDR'], $allowed_ips )) return 'publish';
    else return $value;
}
add_filter( 'post_status', 'wpse31407_bypass_private', null, 3 );

Or wrap your own filter around the get_post_status() function.

Conclusion

Once you understand which parts of the core are responsible for blocking the posts you can attempt to modify them however you require, so I hope my long answer helps to an extent, and someone follows up with more tips and perhaps better solutions. Great question, got me digging and thinking.

Related Posts:

  1. How can I make it so the Add New Post page has Visibility set to Private by default?
  2. Forum plugin that allows private groups that are invite only [closed]
  3. Members Only site with Feed Keys
  4. How to handle admin and passwords requests from plugins developers?
  5. Show a special message for private page?
  6. How to create a plugin that notifies for updates?
  7. View Private Published Page with URL Code (no login required)
  8. Automatic updates of plugins and themes outside of wordpress.org
  9. Advice on setting up private site
  10. New admin account cant access plugins.php
  11. Exceeded the virtual memory limit
  12. Wp private content show me files attachments into post
  13. How to avoid plugin name conflicts from the upgrade notifier?
  14. Remove WordPress Toolbar buttons
  15. WP showing “warning: call_user_func_array()”, What to do?
  16. How can I dequeue a Plugin Stylesheet?
  17. Can a plugin cause permanent damage?
  18. Adding an admin page – OOP approach not working
  19. How can I pass a variable to wp_ajax action?
  20. Declare a function before plugin does on the theme functions.php file
  21. How to call a function in wordpress plugin from another site
  22. Activate Plugin which is in subfolder?
  23. How can i change an image’s author?
  24. NextGen Gallery – automatically create gallery sub page?
  25. How do I make images clickable so as to enlarge them using lightbox?
  26. WP Job Manager Category Drop-down; Change Placeholder Text Via Filter
  27. FacetWP group listings by custom field [closed]
  28. Plugin Paths Issue
  29. UnInstallation of a Plugin from a developers perspective – The correct and clean method
  30. Change wordpress current_time function to different timezone
  31. Remove Duplicator plugin from admin menu if not an administrator
  32. Plugin for a text modal box [closed]
  33. Restrict media upload size by format
  34. Creating custom HTML pages
  35. How to display the “ratingValue” and “ratingCount” values ​generated by the KK Star Ratings plugin into my page’s recipe ld+json schema
  36. Two problems on my WordPress installation [closed]
  37. Frontent user submit and view content [closed]
  38. Center and hide overflow of WP toolbar custom links
  39. How to move the “create new account” higher in woocommerce
  40. How can I add songs to my wordpress site? [closed]
  41. get_option error plugin development
  42. How to get the permanent link in a plugin?
  43. publish_post action doesn’t work
  44. wordpress content .php file in an iframe’s src in a wordpress post
  45. Meta Box by Rilwis, Load metabox on all page templates EXCEPT the homepage
  46. How to best create a jQuery Slider to display a native wordpress gallery?
  47. Best/Correct way to add an option to a category
  48. Help with WP Business Directory Manager Plugin?
  49. Adding rel=”nofollow” to external links in posts?
  50. Plugin that provides the [edit] shortcode?
  51. How do we update a custom file upload field with the Advanced Custom Field plugin?
  52. Loading a plugin’s js file from functions.php
  53. How-to: This block can only be used once
  54. Is there a way to convert shortcodes to html content?
  55. How to change WooCommece variation data programmtically [closed]
  56. Managing wordpress Themes & plugins for multisite
  57. Programmatically install and activate child-theme
  58. What makes it possible for a plugin to not able to delete?
  59. FancyBox JS stopped working on multiple sites. Custom plugin responsible. Urgent help needed
  60. How do I remove all traces of a plugin?
  61. How can I add rel=”nofollow” attributes on RSS widgets?
  62. Anyone know of a plugin for WordPress that uses osCommerce? [closed]
  63. Elementor Pro display featured image on section -> style -> image using shortcode
  64. WordPress – send digital product with custom email
  65. My CPU usage in A2 Hosting Shared Plan (Turbo Boost) is high due to mysql query!
  66. Funds Performance system
  67. German Market: How can I only show the imprint in the footer of the mail? [closed]
  68. How can replace this url
  69. Plugin Update History
  70. Display Multiple Photos as Featured Image when mouse moves on to it post
  71. How to overwrite a plugin?
  72. Issue Saving Posts That Contain Shortcode
  73. SimpleXML is not working with xml response from external api
  74. Use action, filter, or hook to append HTML to WordPress plugin function
  75. How to use get_blogs_of_user?
  76. Custom wp_list_tables redirect on specfic page
  77. On button click, redirect users to registration page instead of another page
  78. Create API for registering user on wordpress site with 3rd party site
  79. Hook to display element as product on category page
  80. No result after wpdb->insert
  81. I can’t use WP_Query
  82. Fatal error: Out of memory with the Duplicator plugin
  83. Fetching users data from REST API
  84. WP Plugin: Print javascript in header
  85. Category archive in menu
  86. WordPress filter function using query modifications
  87. Trying to override/intercept a PhotoMosaic gallery link in WordPress using jQuery
  88. How can I Customize My WordPress Admin Dashboard into Dark Mode?
  89. Add custom fields in the new and edit the site forms without touching the WP core
  90. Plugin use of ajax/jquery depending dropdown
  91. Extend WordPress REST API with Scheme Pro Plugin
  92. How to submit the custom form data in database in WordPress without plugin?
  93. Create Landing Page With Login or Subscribe Form [duplicate]
  94. Filter orders by product in admin
  95. Sorting/Ordering Poll Plugin?
  96. Get URL for featured image for posts? [closed]
  97. Windows 10 Printer that Sends to WordPress [closed]
  98. How to Order Posts by Taxonomy in Jetengine Plugin
  99. Detect if user is on the specific page in WordPress
  100. A multi-section WordPress store [closed]