Back to blog

Any post or page you publish in WordPress becomes visible to the public by default. In other words, a post or page has a default visibility status, based on the settings of a Edit Post Screen in the Publish box.

Password-Protect Your WordPress Content

The simple codes and options described below will help you to customize your WordPress posts` visibility. No more than five minutes of your time will protect your posts from being viewed by the people for whom they are not addressed to. Be attentive and paste the code correctly to avoid problems with the password form.

Post Visibility Settings

WordPress also ffers two less public options for Content Visibility of your posts. Click “Edit” next to Visibility: Public and you will see a three buttons:

  • “Public” is selected by default setup
  • Clicking on “Password protected” button will show you a password text field, you can set a password a 20 characters maximum. It will be required to view that post.
  • If you click on “Private” button, your post will be visible only to Administrators or Editors of your site.

When finished, click the “OK” button. You will see the new setting of your post, e.g., Visibility: Private. Pay attention: a settings will not change until you click “Publish” (or “Update” if the post is already exists).

Changing or Finding a Password

Only your site’s Users with the role of Administrator or Editor or the post’s Author himself can change a visibility setting or a password. If needed, use the “Visibility: Edit” button again. Also, you can do it through the All Posts Screen using the post’s Quick Edit button.  The Visibility “Edit” button (or “Quick Edit”) is also useful if you want to restore the forgotten password.

Posts Protected by a Password

WordPress differently displays password-protected posts. The following changes can be applied to the post:

  • Title comes with the text “Protected: ” before the Title of the post.
  • The text “There is no excerpt because this is a protected post” instead of the post Excerpt.
  • The text: “This post is password protected. To view it please enter your password below” instead of the post Content. Also, there is a field to enter a password.
Many Pages and Posts Protected by a Password

This password is being stored in a browser cookie so you would not have to enter it next time. Moreover, to access every post in multiple posts if they use the same password, the reader will only have to enter the password once.

If two posts use two different passwords, entering the password for the first post, then entering the password for the second post means that changing the first post (or any other post which uses its password) will require the user to re-enter the password for post A since WordPress will only track one password at a time.

Custom Fields Protection

Password-protected post’s Excerpt or Content will not be printed until you enter the correct password. However, you can still view the post Custom Field data since it is not protected. To make CFs invisible”, wrap your get_post_meta calls (for example in page.php or single.php) use a conditional command: post_password_required. It checks both whether the correct password has been provided and whether your post requires a password:


if ( ! post_password_required() ) {
// Code to fetch and print CFs, such as:
$key_1_value_1 = get_post_meta( $post->ID, ‘key_1’, true );
echo $key_1_value_1;

The post_password_required function can be also useful for other customizations. You may use it to prevent password-protected posts from being displayed in a list.

Protected Text Customization

Using WordPress Filters will help you to change the default text for the password-protected post Excerpt, insert the password form into the post Excerpt and change the default text in the password form. Just add the code to the php file of your WordPress Theme’s functions.

Text of a Password Form

By default the password form displays this message: “This post is password protected. To view it please enter your password below:” The following code resets the form with different html structure and different text to defaults. For example, the custom message is: “Enter the password below in order to view this password protected post”:

function my_password_form() {
global $post;
$label = ‘pwbox-‘.( empty( $post->ID ) ? rand() : $post->ID );
$o = ‘<form action=”‘ . esc_url( site_url( ‘wp-login.php?action=postpass’, ‘login_post’ ) ) . ‘” method=”post”>
‘ . __( “Enter the password below, to view this protected post:” ) . ‘
<label for=”‘ . $label . ‘”>’ . __( “Password:” ) . ‘ </label><input name=”post_password” id=”‘ . $label . ‘” type=”password” size=”20″ maxlength=”20″ /><input type=”submit” name=”Submit” value=”‘ . esc_attr__( “Submit” ) . ‘” />
return $o;
add_filter( ‘the_password_form’, ‘my_password_form’ );

Pay attention: do not use echo or print; the my_password_form function must return a value.

Limitation of Password Size

Due to database constraints, WordPress will only save the 20 characters. So when replacing the password protection form, make sure you set the maxlength parameter to the value of 20.

Protected Excerpt Text

Excerpt of a password-protected post by default is: “There is no excerpt because this is a protected post.” Use the following code to replace standard text with your own. You can also use HTML:

function my_excerpt_protected( $excerpt ) {
if ( post_password_required() )
$excerpt = ‘<em>[This is password-protected.]</em>’;
return $excerpt;
add_filter( ‘the_excerpt’, ‘my_excerpt_protected’ );

The part  “<em>[This is password-protected.]</em>” should be replaced with your custom password-protected Excerpt message.

It will return the default setup to customizations you have made like WordPress password form and text. Read their function definitions in wp-includes/post-template.php. to better understand how get_the_password_form() and post_password_required() work.  In this same file you will also find the the_password_form, the_excerpt filters, get_the_content(), the functions get_the_excerpt() and get_the_title(). Depending on post’s visibility settings, these functions control how the content, title and excerpt are displayed.

How to hide Password Protected Posts

Sometimes, it is necessary to hide your password protected posts to make them “invisible” without showing up on other places around your site, like archive pages or the home page. Place the following code in your theme’s functions.php to do it without affecting your pagination:


// Filter to hide protected posts
function exclude_protected($where) {
global $wpdb;
return $where .= ” AND {$wpdb->posts}.post_password = ” “;

// Decide where to display them
function exclude_protected_action($query) {
if( !is_single() && !is_page() && !is_admin() ) {
add_filter( ‘posts_where’, ‘exclude_protected’ );

// Action to queue the filter at the right time
add_action(‘pre_get_posts’, ‘exclude_protected_action’);


This code works in two parts: the first part adds a filter to admin pages as well as all pages except single posts. The second part using command the posts_where filter effectively removes any password protected posts directly from any SQL query that WordPress is running.


Popular Posts

Like This Article? Subscribe to Our Monthly Newsletter!

Comments are closed.