You can actually hook the built-in page/post password feature and set it up to check for url params that match page/post password, and then change the value of $required
to false
.
add_filter( 'post_password_required', 'my_allow_url_param', 10, 2 );
function my_allow_url_param( $required, $post ) {
if ( empty( $post->post_password ) ) {
$required = false;
return $required;
}
if ( $_GET['code'] == $post->post_password ) {
$required = false;
}
return $required;
}
If you had a page with the slug of /sample-page/
and in the admin set a password of Cf5aTgZqBz5h6g1y858eQmpTWizzHzZN
in the visibility setting on edit screen of that page, you could access it without logging in or typing a password with the following url:
http://sitename.com/sample-page/?code=Cf5aTgZqBz5h6g1y858eQmpTWizzHzZN