👑 Get Pro | Live Demo | Documentation | Support

Do you want to secure your WordPress site, to password protect pages, posts, WooCommerce categories, etc.❓ If so, then you need to install ✨the Password Protected plugin✨.

Password Protected is a robust password protection plugin for WordPress that empowers you to password protect entire posts, pages, WordPress categories, WooCommerce products, the WordPress login (wp-admin) page, and even partial content with ease.

Additionally, you can secure the password protected screen from WordPress attacks such as a WordPress brute force attack with the limit login feature.

Therefore, the Password Protected WordPress plugin ensures comprehensive security, covering everything from WordPress pages to WooCommerce products, all with a user-friendly interface.

Can the plugin password protect WooCommerce products?

Yes, you can password protect WooCommerce products or entire product categories.

Is my password protected content visible in Google search results?

No, password protected content is not visible to search engines like Google. The plugin prevents search engines from indexing protected content so that it remains private and accessible only to those with the password.

Does the plugin password protect specific pages or posts?

Yes, the Password Protected plugin allows you to secure individual pages or posts. You can set passwords for specific content.

Can I whitelist certain user roles for passwordless access?

Yes, the User Role Whitelisting feature allows you to give open (passwordless) access to specific user roles without requiring a password.

What is Partial Content Protection in WordPress?

Partial Content Protection lets you lock only specific sections of a page or post while keeping the rest publicly visible. You can use shortcodes to hide premium text, images, or downloads behind a password.

How can I password protect a section of a WordPress page or post?

Simply wrap the content you want to lock with the shortcode that you generate using the Password Protected plugin. Only visitors with the correct password will be able to see it.

Can I use Partial Content Protection with Elementor or Gutenberg?

Yes! It works seamlessly with Elementor, Gutenberg, and Beaver Builder. You can protect individual blocks, sections, or widgets without breaking your page design.

Does the plugin password protect wp-admin (WordPress admin login page)?

Yes, the WP-Admin Protection feature adds an extra layer of security to the WordPress admin dashboard. It prevents unauthorized access to your wp-admin.

What if I need to exclude certain pages or posts from password protection?

The plugin allows you to exclude specific pages, posts, or post types from password protection, ensuring that essential content like your homepage or contact page remains accessible to all visitors.

Does the plugin protect against brute-force attacks?

The Limit Login Attempts feature allows you to set the number of failed login attempts, which reduces the risk of brute-force attacks and enhances your site's security.

How can I enable feeds while the site is password protected?

In the settings, check the 'Allow Feeds' checkbox.

I cannot preview my changes in the Theme Customizer

You must be an administrator (have the manage_options capability) and in the Password Protected settings, check the 'Allow Administrators' checkbox.

How can I log out?

Just add a "password-protected=logout" query to your URL. eg. http://www.example.com/?password-protected=logout

I have forgotten the password. How can I disable the plugin?

If you go to your WordPress admin login page /wp-login.php and it shows the admin login fields, you should still be able to login and disable the plugin.

If the admin login screen instead shows the Password Protected field, you will need to access your site via SFTP/SSH and delete the Password Protected plugin folder in the plugins folder wp-content/plugins/password-protected.

How can I get customer support?

To contact our support team, click here and fill out the form with your full name, email address, the reason for contact, and details about the issue. Our support team will generally contact you within 24 hours.

How can I translate this plugin?

If you want to translate this plugin you can easily contribute to the Translating WordPress page. The stable plugin needs to be 90% translated for a language file to be available to download/update via WordPress.

2.8.1

• Update - Tested up to WordPress 7.0.
• Fixed - UI checkbox issue.

2.8.0

• Tested up to WordPress 6.9
• Improved code optimization

2.7.12

• Fixed - Fix the Vulnerability issued by WordFence.
• Fixed - Translation issue.

2.7.11

• Fixed: Translation issue
• Improved code optimization.

2.7.10

• Optimized code for better performance.
• Feedback SDK update.

2.7.9

• Improved code optimization.

2.7.8

• Fixed: compatibility with WordPress 6.8
• Added - Notice on transient/cookies settings recommended by WordFence team.

2.7.7

• Fixed - compatibility with elementor.

2.7.6

• Fixed: login with transient issue resolved.

2.7.5

• Fixed: login with transient issue resolved.

2.7.4

• New - Added functionality to login with transient if the cookies are blocked.
• Fixed: compatibility with WordPress 6.7

2.7.3

• New - Option to view password text in the field while entering.
• Improvement - Preserve custom URL parameters on password protected screen.

2.7.2

• Fix: Updated depreciated PHP function to make it compatible with the latest PHP version.
• Added: Login designer compatibility banner.
• Improvement: Implement few UI tweaks.

2.7.1

• Fixed - Disabled activity report by default.

2.7

• New: Added Password Activity Report to provide weekly insights on access attempts to your protected sites.
• New: Added Categoric Tabs and Sub-Tabs User Interface for easy navigation and better user experience.

2.6.8

• Fix: Gutenberg compatibility issue fixed - REST API was getting blocked

2.6.7

• Security: Patched two security improvements suggested by Wordfence team.
• Fix: Updated depreciated PHP function to make it compatible with the latest PHP version.
• Compatibility: Improved compatibility with Elementor.

2.6.6

• Improvement - Added support for HTML in the above and bottom text displayed in the password screen.

2.6.5.1

• Ensured seamless compatibility with the latest WordPress version

2.6.5

• Fixed - Login Designer compatibility issues.

2.6.4

• Fixed - Added compatibility for PHP version 8.2

2.6.3.2

• Update - Feedback library updated

2.6.3.1

• Fix - Parse error related to PHP version 7.2

2.6.3

• New - Added Freemius SDK integration.
• New - Added functionality to login with transient if the cookies are blocked.
• Fix – Fixed Redirect Issue from excluded page to password protected page.

2.6.2

• Fix – Parse error related to PHP version 7.2

2.6.1

• Fix – Parse error related to PHP version 7.2
• Update - Link to official Google Re-captcha documentation

2.6.0

• Improved admin settings interface and introduced NEW tabs structure.
• NEW: Added Google Recaptcha v2 and v3 to make it more secure.
• NEW: Added Password Protected top-level admin menu for ease.
• NEW: Added option to add text above password Field.
• NEW: Added option to add text below password Field.

2.5.3

• Improved Settings HTML structure
• Added Note regarding compatibility with login designer within dashboard

2.5.2

• Made compatibility with Login Designer; Now you can customize the password-protected screen with the customizer using login designer plugin.

2.5.1

• Fix - Author name conflict resolved

2.5

• Deprecate wp_no_robots and replace with wp_robots_no_robots for WordPress 5.7+

2.4

• Add a Nocache header to the login page redirect to prevent the browser from caching the redirect page. Props De'Yonte W.
• Remove ‘password-protected’ query from redirects on successful login or logout.
• Check "redirect_to" query var is set in hidden form field. Props Matthias Kittsteiner.
• Add favicon to password protected login page.

2.3

• Adds password_protected_cookie_name filter for the cookie name. Props Jose Castaneda.
• Let developers override the capability needed to see the options page via a password_protected_options_page_capability filter. Props Nicola Peluchetti.
• Don't use a "testcookie" POST query as it is blocked by Namecheap (and possibly other hosts).
• Fix warnings in W3 validator - script and style “type” attribute not required. Props @dianamurcia.
• Translations now via translate.wordpress.org.
• Updated URL references. Props Garrett Hyder.

2.2.5

• Added password_protected_login_password_title filter to allow customizing the "Password" label on the login form. Props Jeremy Herve.
• Fix stray "and" in readme. Props Viktor Szépe.
• Update Portuguese translation. Props Jonathan Hult.
• Update Russian translation. Props Alexey Chumakov.

2.2.4

• Check that $_SERVER['REMOTE_ADDR'] is set.

2.2.3

• Restrict REST-API-access only if password protection is active.
• Added viewport meta tag to login page.
• Added password_protected_show_login filter.
• Cookie name is not editable in the admin so display just for reference.
• Use default WordPress text domain for “Remember Me” and “Log In” buttons.

2.2.2

• Change locked admin bar icon to green.
• Fix REST option and always allow access to REST API for logged in users.

2.2.1

• Fixed PHP error when calculating cookie expiration date.

2.2

• Added admin bar icon to indicate wether password protection is enabled/disabled.
• Option to show "Remember me" checkbox. Props Christian Güdel.
• REST API access disabled if password not entered.
• Admin option to allow REST API access.
• More robust checking of password hashes.

2.1

• Update caching notes for WP Engine and W3 Total Cache plugin.
• Tested up to WordPress 4.8

2.0.3

• Declare methods as public or private and use PHP5 constructors.
• Show user's IP address beside "Allow IP Addresses" admin setting.
• Add CHANGELOG.md and README.md

2.0.2

• Check allowed IP addresses are valid when saving.
• Only redirect to allowed domain names when logging out.

2.0.1

• Split logout functionality into separate function.
• Security fix: Use a more complex password hash for cookie key. Props Marcin Bury, Securitum.

2.0

• Added password_protected_logout_link shortcode.
• Load 'password-protected-login.css' in theme folder if it exists.
• Added password_protected_stylesheet_file filter to specify alternate stylesheet location.
• Added is_user_logged_in(), login_url(), logout_url() and logout_link() methods.
• Added Basque, Czech, Greek, Lithuanian and Norwegian translations.
• Better handling of login/out redirects when protection is not active on home page.

1.9

• Fixed "Allow Users" functionality with is_user_logged_in(). Props PatRaven.
• Added option for allowed IP addresses which can bypass the password protection.
• Added 'password_protected_is_active' filter.

1.8

• Support for adding "password-protected-login.php" in theme directory.
• Allow filtering of the 'redirect to' URL via the 'password_protected_login_redirect_url' filter.
• Added 'password_protected_login_messages' action to output errors and messages in template.
• Updated translations.
• Use current_time( 'timestamp' ) instead of time() to take into account site timezone.
• Check login earlier in the template_redirect action.

1.7.2

• Fix always allow access to robots.txt.
• Added 'password_protected_login_redirect' filter.
• Updated translations.

1.7.1

• Fix login template compatibility for WordPress 3.9

1.7

• Remove JavaScript that disables admin RSS checkbox.
• Added 'password_protected_theme_file' filter to allow custom login templates.
• Add option to allow logged in users.

1.6.2

• Set login page not to index if privacy setting is on.
• Allow redirection to a different URL when logging out using 'redirect_to' query and full URL.

1.6.1

• Language updates by wp-translations.org (Arabic, Dutch, French, Persian, Russian).

1.6

• Robots.txt is now always accessible.
• Added support for Uber Login Logo plugin.

1.5

• Added note about WP Engine compatibility to readme.txt
• Requires WordPress 3.1+
• Settings now have their own page.
• Fixed an open redirect vulnerability. Props Chris Campbell.

1.4

• Add option to allow administrators to use the site without logging in.
• Use DONOTCACHEPAGE to try to prevent some caching issues.
• Added a contextual help tab for WordPress 3.3+.
• Updated login screen styling for WordPress 3.5 compatibility.
• Options are now on the 'Reading' settings page in WordPress 3.5

1.3

• Added checkbox to allow access to feeds when protection is enabled.
• Prepare for WordPress 3.5 Settings API changes.
• Added 'password_protected_before_login_form' and 'password_protected_after_login_form' actions.
• Added 'password_protected_process_login' filter to make it possible to extend login functionality.
• Now possible to use 'pre_update_option_password_protected_password' filter to use password before it is encrypted and saved.
• Ready for translations.

1.2.2

• Show login error messages.
• Escape 'redirect_to' attribute. Props A. Alagha.

1.2.1

• Added a "How to log out?" FAQ.
• Only disable feeds when protection is active.

1.2

• Use cookies instead of sessions.

1.1

• Encrypt passwords in database.

1.0

• First Release. If you spot any bugs or issues please log them here.

To install and configure this plugin...

1. Upload or install the plugin through your WordPress admin.
2. Activate the plugin via the 'Plugins' admin menu.
3. Configure the password options in the Password Protected settings.

Upgrading

If you are upgrading manually via FTP rather that through the WordPress automatic upgrade link, please de-activate and re-activate the plugin to ensure the plugin upgrades correctly.

Enable complete sitewide protection, whitelist IP address, and allow passwordless access.



Exclude pages, posts, and post types from protection.



Enable and create a bypass URL to get password free access with that link.



Create and manage multiple passwords for your protected site and content.



Enable and password protect specific or all pages, posts, and post types.



Enable and select user roles that should be whitelisted.



Google reCaptcha v2 and v3 settings.



The protected screen perfectly mimics the WordPress login.



The protected screen with reCaptcha v3.



The protected screen with reCaptcha v2.



Password Protect your WP login/WP admin.



Limit password attempts to enhance your WordPress site protection.



Stay informed with detailed activity logs for every password attempt.



Gain valuable insights through our exclusive Password Attempt Activity Report.



Effortlessly manage password requests and control access to protected content directly from the admin dashboard.