Password protect URLs

I have a Wordpress site set up with download links that either could be set as external URLs or links to media items uploaded to Wordpress. I would like to password protect these, so clicking a download link would prompt you with an input field for a password, and when entering the correct password, you would be redirected to the external URL or the WP media URL. This should not be connected to user authentication, so you should be able to click these links as a logged out user and as long as you know the password, it should be possible to download them. How would you suggest doing this?

It would not be possible of course to directly password protect an external link, you would still be able to visit the link directly from the moment you know what the protected URL is, but it would at least hide the URL for users that don't know the password until they've entered the correct one.

Currently I don't have any concrete code for this, but I have one concept for a method that I'm thinking could work and would like to get your opinion on this.

I'm thinking that one solution could be to use some kind of encode/decode function that is based on the password. The password could for example be set using ACF on an option page in the admin. So the download link would then for example be https://domain.com/download/?link=DECODED URL and if you enter the correct password and submit, some PHP code connected to the form of the password input would decode the link parameter using the password as the salt/key for the decoding and then redirect you to that URL. Do you see any problems with this method?

Topic password php Wordpress

Category Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.