Skip to content
  • Log In
  • Register
WordPress.org

English (Canada)

  • Themes
  • Plugins
  • News
  • About
  • Join the Team
  • Style Guide
  • Get WordPress
Get WordPress

Plugins

  • My Favourites
  • Beta Testing
  • Developers
Download

Password Protected

By WPExperts
  • Details
  • Reviews
  • Installation
  • Support
  • Development

Description

A very simple way to quickly password protect your WordPress site with a single password.

This plugin only protects your WordPress generated content. It does not protect images or uploaded files so if you enter and exact URL to in image file it will still be accessible.

Features include:

  • Password protect your WordPress site with a single password.
  • Option to allow access to feeds.
  • Option to allow administrators access without entering password.
  • New 👉 Now you can customize the whole password protected screen including the background, font, logo, color e.t.c.

Please note, this plugin works by setting a cookie to allow access to the site. If you are using a caching plugin or web hosting such as WP Engine that has in-built caching, you will need to configure the caching service to be disabled if the Password Protected cookie is set.

Translations

If you would like to translate this plugin you can easily contribute at the Translating WordPress page. The stable plugin needs to be 95% translated for a language file to be available to download/update via WordPress.

Screenshots

  • Login page perfectly mimicks the WordPress login.
  • Password Protected settings page.

Installation

To install and configure this plugin


  1. Upload or install the plugin through your WordPress admin.
  2. Activate the plugin via the ‘Plugins’ admin menu.
  3. Configure the password options in the Password Protected settings.

Upgrading

If you are upgrading manually via FTP rather that through the WordPress automatic upgrade link, please de-activate and re-activate the plugin to ensure the plugin upgrades correctly.

FAQ

How can I change the WordPress logo to a different image?

Install and configure the Login Logo plugin by Mark Jaquith or the Uber Login Logo plugin. This will change the logo on your password entry page AND also your admin login page.

How can I enable feeds while the site is password protected?

In the settings, check the ‘Allow Feeds’ checkbox.

Can I prevent administrators having to enter password?

In the settings, check the ‘Allow Administrators’ checkbox.

I cannot preview my changes in the Theme Customizer

You must be an administrator (have the manage_options capability) and in the Password Protected settings, check the ‘Allow Administrators’ checkbox.

How can I log out?

Just add a “password-protected=logout” query to your URL.
eg. http://www.example.com/?password-protected=logout

I have forgotten the password. How can I disable the plugin?

If you go to your WordPress admin login page /wp-login.php and it shows the admin login fields, you should still be able to login and disable the plugin.

If the admin login screen insteads shows the Password Protected field, you will need to access your site via SFTP/SSH and delete the Password Protected plugin folder in the plugins folder wp-content/plugins/password-protected.

How can I redirect to a different domain name when logging out?

If passing a redirect URL using ‘redirect_to’ when logging out you need you may need to use the allowed domain names filter to allow redirecting to an external domain.

Where can I report bugs and issues?

Please log issues and bugs on the plugin’s GitHub page.
You can also submit suggested enhancements if you like.

How can I contribute?

If you can, please fork the code and submit a pull request via GitHub. If you’re not comfortable using Git, then please just submit it to the issues link above.

How can I translate this plugin?

If you would like to translate this plugin you can easily contribute at the Translating WordPress page. The stable plugin needs to be 90% translated for a language file to be available to download/update via WordPress.

Reviews

use it on all my dev sites ❀

jnz31 June 28, 2022
never disappointed.

Great plugin

FGU Nord / Lars March 3, 2022
Great plugin I use it when bulding staging-sites. Nice that this plugin prevents search engines indexing the site 🙂 (some kind of extra security would be nice) //Lars, Copenhagen

Beware: Site got hacked because of exploit related to this plugin

Rob Thijs February 14, 2022
It always worked fine, but last month it has been infected with malware to launch phishing attacks. Even though wp/site and plugins were updated. Be very careful.

Best of its kind

Hugh Lashbrooke September 16, 2021
This plugin does exactly what it says it will be with no fuss. It is clean and focused and includes just the features you need without unnecessary cruft. I have used it on multiple sites to great effect.

Exactly what i was looking for

astiereric May 7, 2021
Exactly what i was looking for, thank you so much for this plugin

Solved Cookie and Cache

leeersin April 4, 2021
Very simple plugin and easy to set up. Thanks :@) I just wanted to share the fact that Lightspeed Cache has a facility to add a log in cookie. This is under lightspeed cache/settings/advanced Initially this plugin did not work properly due to cacheing problems highlighted in the plugin page. After adding the cookie id to lightspeed cache/settings/advanced it works just fine. The only thing that does not function is the Remember Me function. It is present on the log in page and can be set to remember for x days in setting, but does not work i.e. another log in is required if a user leaves the website. Hope this helps someone out there...
Read all 91 reviews

Contributors & Developers

“Password Protected” is open source software. The following people have contributed to this plugin.

Contributors
  • WPExperts.io

“Password Protected” has been translated into 19 locales. Thank you to the translators for their contributions.

Translate “Password Protected” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

2.5.3

  • Improved Settings HTML structure
  • Added Note regarding compatibility with login designer within dashboard

2.5.2

  • Made compatibility with login designer; Now you can customize the password-protected screen with the customizer using login designer plugin.

2.5.1

  • Fix – Author name conflict resolved

2.5

  • Deprecate wp_no_robots and replace with wp_robots_no_robots for WordPress 5.7+

2.4

  • Add a Nocache header to the login page redirect to prevent the browser from caching the redirect page. Props De’Yonte W.
  • Remove ‘password-protected’ query from redirects on successful login or logout.
  • Check “redirect_to” query var is set in hidden form field. Props Matthias Kittsteiner.
  • Add favicon to password protected login page.

2.3

  • Adds password_protected_cookie_name filter for the cookie name. Props Jose Castaneda.
  • Let developers override the capability needed to see the options page via a password_protected_options_page_capability filter. Props Nicola Peluchetti.
  • Don’t use a “testcookie” POST query as it is blocked by Namecheap (and possibly other hosts).
  • Fix warnings in W3 validator – script and style “type” attribute not required. Props @dianamurcia.
  • Translations now via translate.wordpress.org.
  • Updated URL references. Props Garrett Hyder.

2.2.5

  • Added password_protected_login_password_title filter to allow customizing the “Password” label on the login form. Props Jeremy Herve.
  • Fix stray “and” in readme. Props Viktor SzĂ©pe.
  • Update Portuguese translation. Props Jonathan Hult.
  • Update Russian translation. Props Alexey Chumakov.

2.2.4

  • Check that $_SERVER['REMOTE_ADDR'] is set.

2.2.3

  • Restrict REST-API-access only if password protection is active.
  • Added viewport meta tag to login page.
  • Added password_protected_show_login filter.
  • Cookie name is not editable in the admin so display just for reference.
  • Use default WordPress text domain for “Remember Me” and “Log In” buttons.

2.2.2

  • Change locked Toolbar icon to green.
  • Fix REST option and always allow access to REST API for logged in users.

2.2.1

  • Fixed PHP error when calculating cookie expiration date.

2.2

  • Added Toolbar icon to indicate wether password protection is enabled/disabled.
  • Option to show “Remember me” checkbox. Props Christian GĂŒdel.
  • REST API access disabled if password not entered.
  • Admin option to allow REST API access.
  • More robust checking of password hashes.

2.1

  • Update caching notes for WP Engine and W3 Total Cache plugin.
  • Tested up to WordPress 4.8

2.0.3

  • Declare methods as public or private and use PHP5 constructors.
  • Show user’s IP address beside “Allow IP Addresses” admin setting.
  • Add CHANGELOG.md and README.md

2.0.2

  • Check allowed IP addresses are valid when saving.
  • Only redirect to allowed domain names when logging out.

2.0.1

  • Split logout functionality into separate function.
  • Security fix: Use a more complex password hash for cookie key. Props Marcin Bury, Securitum.

2.0

  • Added password_protected_logout_link shortcode.
  • Load ‘password-protected-login.css’ in theme folder if it exists.
  • Added password_protected_stylesheet_file filter to specify alternate stylesheet location.
  • Added is_user_logged_in(), login_url(), logout_url() and logout_link() methods.
  • Added Basque, Czech, Greek, Lithuanian and Norwegian translations.
  • Better handling of login/out redirects when protection is not active on home page.

1.9

  • Fixed “Allow Users” functionality with is_user_logged_in(). Props PatRaven.
  • Added option for allowed IP addresses which can bypass the password protection.
  • Added ‘password_protected_is_active’ filter.

1.8

  • Support for adding “password-protected-login.php” in theme directory.
  • Allow filtering of the ‘redirect to’ URL via the ‘password_protected_login_redirect_url’ filter.
  • Added ‘password_protected_login_messages’ action to output errors and messages in template.
  • Updated translations.
  • Use current_time( ‘timestamp’ ) instead of time() to take into account site timezone.
  • Check login earlier in the template_redirect action.

1.7.2

  • Fix always allow access to robots.txt.
  • Added ‘password_protected_login_redirect’ filter.
  • Updated translations.

1.7.1

  • Fix login template compatibility for WordPress 3.9

1.7

  • Remove JavaScript that disables admin RSS checkbox.
  • Added ‘password_protected_theme_file’ filter to allow custom login templates.
  • Add option to allow logged in users.

1.6.2

  • Set login page not to index if privacy setting is on.
  • Allow redirection to a different URL when logging out using ‘redirect_to’ query and full URL.

1.6.1

  • Language updates by wp-translations.org (Arabic, Dutch, French, Persian, Russian).

1.6

  • Robots.txt is now always accessible.
  • Added support for Uber Login Logo plugin.

1.5

  • Added note about WP Engine compatibility to readme.txt
  • Requires WordPress 3.1+
  • Settings now have their own page.
  • Fixed an open redirect vulnerability. Props Chris Campbell.

1.4

  • Add option to allow administrators to use the site without logging in.
  • Use DONOTCACHEPAGE to try to prevent some caching issues.
  • Added a contextual help tab for WordPress 3.3+.
  • Updated login screen styling for WordPress 3.5 compatibility.
  • Options are now on the ‘Reading’ settings page in WordPress 3.5

1.3

  • Added checkbox to allow access to feeds when protection is enabled.
  • Prepare for WordPress 3.5 Settings API changes.
  • Added ‘password_protected_before_login_form’ and ‘password_protected_after_login_form’ actions.
  • Added ‘password_protected_process_login’ filter to make it possible to extend login functionality.
  • Now possible to use ‘pre_update_option_password_protected_password’ filter to use password before it is encrypted and saved.
  • Ready for translations.

1.2.2

  • Show login error messages.
  • Escape ‘redirect_to’ attribute. Props A. Alagha.

1.2.1

  • Added a “How to log out?” FAQ.
  • Only disable feeds when protection is active.

1.2

  • Use cookies instead of sessions.

1.1

  • Encrypt passwords in database.

1.0

  • First Release. If you spot any bugs or issues please log them here.

Meta

  • Version: 2.5.3
  • Last updated: 4 months ago
  • Active installations: 300,000+
  • WordPress Version: 4.6 or higher
  • Tested up to: 6.0.2
  • PHP Version: 5.6 or higher
  • Languages:

    Albanian, Catalan, Czech, Dutch, Dutch (Belgium), English (Canada), English (UK), English (US), Finnish, French (France), Galician, German, Greek, Japanese, Norwegian (BokmÄl), Portuguese (Portugal), Russian, Spanish (Spain), Spanish (Venezuela), and Swedish.

    Translate into your language

  • Tags:
    loginpasswordPassword Protectprotect
  • Advanced View

Ratings

See all
  • 5 stars 76
  • 4 stars 3
  • 3 stars 4
  • 2 stars 3
  • 1 star 5
Log in to submit a review.

Contributors

  • WPExperts.io

Support

Issues resolved in last two months:

0 out of 4

View support forum

  • About
  • News
  • Hosting
  • Donate
  • Support
  • Developers
  • Get Involved
  • Learn
  • Showcase
  • Plugins
  • Themes
  • Patterns
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • Matt
  • Privacy
  • Public Code
WordPress.org
WordPress.org

English (Canada)

  • Visit our Facebook page
  • Visit our Twitter account
  • Visit our Instagram account
  • Visit our LinkedIn account
Code is Poetry