Password Protected

Wordpress Plugin
Download latest - 2.5.3

Developers

wpexpertsio
husobj

Download Stats

Today 434
Yesterday 659
Last Week 4,315
All Time 830,074
Banner 772x250

A very simple way to quickly password protect your WordPress site with a single password.

This plugin only protects your WordPress generated content. It does not protect images or uploaded files so if you enter and exact URL to in image file it will still be accessible.

Features include:

  • Password protect your WordPress site with a single password.
  • Option to allow access to feeds.
  • Option to allow administrators access without entering password.
  • New Now you can customize the whole password protected screen including the background, font, logo, color e.t.c.

Please note, this plugin works by setting a cookie to allow access to the site. If you are using a caching plugin or web hosting such as WP Engine that has in-built caching, you will need to configure the caching service to be disabled if the Password Protected cookie is set.

Translations

If you would like to translate this plugin you can easily contribute at the Translating WordPress page. The stable plugin needs to be 95% translated for a language file to be available to download/update via WordPress.


Releases (33 )

Version Release Date Change Log
2.5.3 2022-06-17
  • Improved Settings HTML structure
  • Added Note regarding compatibility with login designer within dashboard
2.5.2 2022-05-30
  • Made compatibility with login designer; Now you can customize the password-protected screen with the customizer using login designer plugin.
2.5.1 2022-04-18
  • Fix - Author name conflict resolved
2.5 2021-08-31
  • Deprecate wp_no_robots and replace with wp_robots_no_robots for WordPress 5.7+
2.4 2020-09-24
  • Add a Nocache header to the login page redirect to prevent the browser from caching the redirect page. Props De'Yonte W.
  • Remove password-protected query from redirects on successful login or logout.
  • Check "redirect_to" query var is set in hidden form field. Props Matthias Kittsteiner.
  • Add favicon to password protected login page.
2.3 2020-05-18
  • Adds password_protected_cookie_name filter for the cookie name. Props Jose Castaneda.
  • Let developers override the capability needed to see the options page via a password_protected_options_page_capability filter. Props Nicola Peluchetti.
  • Don't use a "testcookie" POST query as it is blocked by Namecheap (and possibly other hosts).
  • Fix warnings in W3 validator - script and style type attribute not required. Props @dianamurcia.
  • Translations now via translate.wordpress.org.
  • Updated URL references. Props Garrett Hyder.
2.2.5 2019-06-04
  • Added password_protected_login_password_title filter to allow customizing the "Password" label on the login form. Props Jeremy Herve.
  • Fix stray "and" in readme. Props Viktor Szpe.
  • Update Portuguese translation. Props Jonathan Hult.
  • Update Russian translation. Props Alexey Chumakov.
2.2.4 2019-02-22
  • Check that $_SERVER['REMOTE_ADDR'] is set.
2.2.3 2019-01-10
  • Restrict REST-API-access only if password protection is active.
  • Added viewport meta tag to login page.
  • Added password_protected_show_login filter.
  • Cookie name is not editable in the admin so display just for reference.
  • Use default WordPress text domain for Remember Me and Log In buttons.
2.2.2 2018-06-05
  • Change locked admin bar icon to green.
  • Fix REST option and always allow access to REST API for logged in users.
2.2.1 2018-05-27
  • Fixed PHP error when calculating cookie expiration date.
2.2 2018-05-25
  • Added admin bar icon to indicate wether password protection is enabled/disabled.
  • Option to show "Remember me" checkbox. Props Christian Gdel.
  • REST API access disabled if password not entered.
  • Admin option to allow REST API access.
  • More robust checking of password hashes.
2.1 2017-10-17
  • Update caching notes for WP Engine and W3 Total Cache plugin.
  • Tested up to WordPress 4.8
2.0.3 2016-03-23
  • Declare methods as public or private and use PHP5 constructors.
  • Show user's IP address beside "Allow IP Addresses" admin setting.
  • Add CHANGELOG.md and README.md
2.0.2 2015-10-29
  • Only redirect to allowed domain names when logging out.
  • Check allowed IP addresses are valid when saving.
2.0.1 2015-07-29
  • Security fix: Use a more complex password hash for cookie key. Props Marcin Bury, Securitum.
  • Split logout functionality into separate function.
2.0 2015-03-26
  • Added password_protected_logout_link shortcode.
  • Load 'password-protected-login.css' in theme folder if it exists.
  • Added password_protected_stylesheet_file filter to specify alternate stylesheet location.
  • Added is_user_logged_in(), login_url(), logout_url() and logout_link() methods.
  • Better handling of login/out redirects when protection is not active on home page.
  • Added Basque, Czech, Greek, Lithuanian and Norwegian translations.
1.9 2014-12-17
  • Fixed "Allow Users" functionality with is_user_logged_in(). Props PatRaven.
  • Added option for allowed IP addresses which can bypass the password protection.
  • Added 'password_protected_is_active' filter.
1.8 2014-10-07
  • Support for adding "password-protected-login.php" in theme directory.
  • Allow filtering of the 'redirect to' URL via the 'password_protected_login_redirect_url' filter.
  • Added 'password_protected_login_messages' action to output errors and messages in template.
  • Use current_time( 'timestamp' ) instead of time() to take into account site timezone.
  • Check login earlier in the template_redirect action.
  • Updated translations.
1.7.2 2014-06-05
  • Added 'password_protected_login_redirect' filter.
  • Fix always allow access to robots.txt.
  • Updated translations.
1.7.1 2014-03-17
  • Fix login template compatibility for WordPress 3.9
1.7 2014-02-27
  • Added 'password_protected_theme_file' filter to allow custom login templates.
  • It's now really easy to contribute to the translation of this plugin via our Transifex page.
  • Add option to allow logged in users.
  • Remove JavaScript that disables admin RSS checkbox.
1.6.2 2014-01-10
  • Set login page not to index if privacy setting is on.
  • Allow redirection to a different URL when logging out using 'redirect_to' query and full URL.
1.6.1 2013-11-13
  • Language updates by wp-translations.org (Arabic, Dutch, French, Persian, Russian).
1.6 2013-07-04
  • Robots.txt is now always accessible.
  • Added support for Uber Login Logo plugin.
1.5 2013-02-21
  • Requires WordPress 3.1+
  • Settings now have their own page.
  • Fixed an open redirect vulnerability. Props Chris Campbell.
  • Added note about WP Engine compatibility to readme.txt
1.4 2013-02-10
  • Add option to allow administrators to use the site without logging in.
  • Use DONOTCACHEPAGE to try to prevent some caching issues.
  • Updated login screen styling for WordPress 3.5 compatibility.
  • Options are now on the 'Reading' settings page in WordPress 3.5
  • Added a contextual help tab for WordPress 3.3+.
1.3 2012-11-26
  • Added checkbox to allow access to feeds when protection is enabled.
  • Prepare for WordPress 3.5 Settings API changes.
  • Added 'password_protected_before_login_form' and 'password_protected_after_login_form' actions.
  • Added 'password_protected_process_login' filter to make it possible to extend login functionality.
  • Now possible to use 'pre_update_option_password_protected_password' filter to use password before it is encrypted and saved.
  • Ready for translations.
1.2.2 2012-09-24
  • Escape 'redirect_to' attribute. Props A. Alagha.
  • Show login error messages.
1.2.1 2012-05-25
  • Only disable feeds when protection is active.
  • Added a "How to log out?" FAQ.
1.2 2012-04-14
  • Use cookies instead of sessions.
1.1 2012-02-12
  • Encrypt passwords in database.
1.0 2012-02-02
  • First Release. If you spot any bugs or issues please log them here.