AccessByQueryString by Robin S

Grant/deny access to pages according to query string.

Access By Query String

A module for ProcessWire CMS/CMF. Grant/deny access to pages according to query string.

Allows visitors to view protected pages by accessing the page via a special URL containing an "access" GET variable. This allows you to provide a link to selected individuals while keeping the page(s) non-viewable to the public and search engines. The recipients of the link do not need to log in so it's very convenient for them.

The view protection does not provide a high level of security so should only be used for non-critical scenarios. The purpose of the module was to prevent new websites being publicly accessible before they are officially launched, hence the default message in the module config. But it could be used for selected pages on existing websites also.

Once a visitor has successfully accessed a protected page via the GET variable then they can view any other page protected by the same access rule without needing the GET variable for that browsing session.


Install the Access By Query String module.

Select any roles you want to be exempt from the access restrictions imposed by this module. Superusers are always exempt.

Define access rules in the format [GET variable]??[selector], one per line.

As an example the rule...

rumpelstiltskin??template=skills, title~=gold

...means that any pages using the "skills" template with the word "gold" in the title will not be viewable unless it is accessed with ?access=rumpelstiltskin in the URL. So you could provide a view link like to selected individuals.

Or you could limit view access to the whole frontend with a rule like...


To temporarily disable an access rule, start the line with two forward slashes, e.g.


You can choose what happens when a protected page is visited without the required GET variable:

  • Replace the rendered markup
  • Throw a 404 exception

If replacing the rendered markup you can define a meta title and message to be shown. Or if you want to use more advanced markup you can hook AccessByQueryString::replacementMarkup().

$wire->addHookAfter('AccessByQueryString::replacementMarkup', function(HookEvent $event) {
    // Some info in hook arguments if needed...
    // The page that the visitor is trying to access
    $page = $event->arguments(0);
    // An array of access keys that apply to the page
    $access_keys = $event->arguments(1);
    // The title
    $title = $event->arguments(2);
    // The message
    $message = $event->arguments(3);

    // Return some markup
    $event->return = 'Your markup';



Install and use modules at your own risk. Always have a site and database backup before installing new modules.

Latest news

  • ProcessWire Weekly #512
    In the 512th issue of ProcessWire Weekly we'll check out what's new in the core this week, introduce a new commercial third party module called MembersMessaging, and more. Read on! / 2 March 2024
  • Using date range fields in ProcessWire
    This week we'll take a detailed look at the newest addition to the ProFields set of modules: the Date Range Fieldtype and Inputfield.
    Blog / 24 November 2023
  • Subscribe to weekly ProcessWire news

“We chose ProcessWire because of its excellent architecture, modular extensibility and the internal API. The CMS offers the necessary flexibility and performance for such a complex website like ProcessWire offers options that are only available for larger systems, such as Drupal, and allows a much slimmer development process.” —xport communication GmbH