Password protected area in WordPress

If you ever need to set up a simple password protected area in WordPress, these snippets and plugins might come in handy when you’re hacking through your theme.

I believe this would be the logical approach: you create a main password protected page for your private section and then you create a bunch of child pages under that page. This way you’ll be using native WordPress functionality (page organization and page visibility) for most of your private section.

But you may find that a couple of patches will be in order.

WordPress Plugins

FT Password Protect Children Pages

One thing you will not want will be to have to password protect each subpage individually. You’ll just want to set a password for the main parent page and have all its child pages inherit the password protection. This plugin does exactly that.

Page Template Extended

Similarly, if you decide to use a specific page template for the protected section, it would be ideal to just set the page template to the main parent page and not have to worry about setting it for each of its child pages. This plugin makes subpages inherit their parents template.

Logout Password Protected Posts

You’ll also need a log out link that WordPress doesn’t provide by default. After installing this plugin you’ll be able to use <?php do_action(‘posts_logout_link’); ?> anywhere in your WordPress theme to produce the log out link.

Listing the subpages

Use this code in your theme to display the main parent page as a heading and the child pages below it: http://snipt.org/ugjai6

If you’ve created a page template for your protected pages, you can use the code above in it to give your users a navigation between the subpages.

A couple of snippets for functions.php

Change the default password protected text

The default text on password protected posts or pages is This post is password protected. To view it please enter your password below. Should you wish to change this text, add the following code to your theme’s functions.php file: http://snipt.org/ugjaj0

Change the part where it says “This is my custom text…” in the code above.

Remember: never edit WordPress core files. Either use a plugin or use the functions.php file and filter your changes in from there.

Remove the word “Private:” from the titles

By default the titles of the password protected pages are preceded by the word “Private:” (followed by a colon). To prevent this from happening, add the following filter to your theme’s functions.php file: http://snipt.org/ugjk0

Posted in blog Tagged with: ,
18 comments on “Password protected area in WordPress
  1. Ruth says:

    Hi. This is a great tutorial, really simply explained. I was just wondering if anyone could answer a question for me – would the user have to log in every time they visit a protected page. Or do they only have to enter it once each time they visit the visit? I’m assuming that since you have a logout button, it means they can remain logged in and enter the password just once, but wanted clarification before jumping in.

    Thanks again for the great post.

    • Stefan Matei says:

      Hi Ruth! The user won’t have to login every time they visit a protected page. WordPress sets a cookie and the user is remembered for a certain amount of time — 10 days if I remember correctly.

  2. Robyn says:

    Can you add a text link in your password protected text? For example, I want it to say “This page is password protected. To view it please enter your password below. Not a member? Click here.” I’d like to have “Click here” take them to my page where they can sign up and get a password.

    • Stefan Matei says:

      Sure you can, just edit the HTML in that custom_password_form function, the part where it says: This is my custom text for the password protected items. –and replace it with your own text plus the HTML for the link you need.

  3. Katy says:

    Hi,

    This is exactly what I was hoping WordPress could do, but I’m having issues. The parent page I want to protect, even though it says it’s protected, seems to not be protected (http://bqbpublishing.com/bqb-authors-portal/). How do I fix this? The page is listed as password protected with a password on my dashboard, but as you can see if you click on the link, it’s obviously not protected. Help!

    Thanks,
    Katy

    • Stefan Matei says:

      Hey Katy!

      I tried accessing your link and got: “This post is password protected. To view it please enter your password below”

      So I guess you either did something to fix that or it was protected all along — you just weren’t seeing it because you were logged in (you had already entered the password).

  4. Katy says:

    Hmm! Well, I guess it’s working then! Even when I log out and close all my windows, I can still see the page. Maybe I need to clear my cookies. I’m glad that it worked correctly for you though. So, thanks!

  5. Katy says:

    Perfect! It worked perfectly when I tried it in IE. Thank you! (Obviously, I’m figuring this out as I go, and I really, really appreciate this information!)

  6. Des says:

    This is all fine, but say I wanted to just have one password protected page and put documents on this page to be downloaded. Obviously I only want the people who have access to the password protected page to see and be able to download these documents. But if someone smart knew the actual link to the document, couldn’t they use any search engine to find it? How can I guarantee that the downloadable documents I put on this password protected page do not show up in any search engine.

    • Stefan says:

      If you’re thinking of using WP’s password protected pages for documents (files), the short answer would be: don’t, it’s not completely secure.

      Your documents shouldn’t show up in search engines just because they’re being linked to on the protected page — the search engine spiders won’t have access to the contents of the protected page so they won’t find/index the links to the documents.
      But that doesn’t guarantee your documents’ protection… one of your users (that has access to the page) could give the direct links to documents to other people. They could also post the direct links on a public web page and Google would index them from there.

      So the long answer would be: do a risk analysis and decide wether it’s worth it or if you should look for a solution (a plugin perhaps) that restricts access to the actual downloadable files.

  7. Frances Wolf says:

    Also, the wp_link_pages() links the child pages. This is something which we insert from the “Insert Page Break” from our WordPress Editor. More info about it here .

  8. B says:

    Hi Stefan,

    For the logout ‘password protected posts plugin’, if you type in an incorrect password, the log out button appears. I only want it to appear once a user has successfully logged in. Any suggestions for this?

    Also, when using the ‘Change the default password protected text’ snippet, it outputs a second password form at the very top of the site after the body tag. Any idea how to avoid that?

    Thanks!

  9. Phil Selwood says:

    Hello Stefan

    Do you know if the plugin FT Password Protect Children Pages works ok with 3.5?

    Regards

    Phil

  10. Andy Denton says:

    Hi Stefan

    Thanks for the great advice – I am trying to do a password protected area on my blog and your explanation above is excellent – however it would appear some of the code snippets are missing in the text above where you reference functions.php

    Would there be any chance of you putting them up there again or emailing me with them? – any help much appreciated

    Best regards

    Andy

    • Stefan Matei says:

      Thanks for letting me know about that Andy. Until I find out what got broken and why the code snippets aren’t embedded in the post anymore, I just added plain links to snipt.org.