A very simple way to quickly password protect your WordPress site with a single password.
This plugin only protects your WordPress content. It does not protect and images or uploaded files so if you enter and exact URL to in image file it will still be accessible.
- Password protect your WordPress site with a single password.
- Option to allow access to feeds.
- Option to allow administrators access without entering password.
- Works with Mark Jaquith's Login Logo plugin.
- Works with the Uber Login Logo plugin.
Please note, this plugin works by setting a cookie to allow access to the site. If you are using a caching plugin or web hosting such as WP Engine that has in-built caching, you will need to configure the caching service to be disabled if the Password Protected cookie is set.
To install and configure this plugin...
- Upload or install the plugin through your WordPress admin.
- Activate the plugin via the 'Plugins' admin menu.
- Configure the password options in the Password Protected settings.
If you are upgrading manually via FTP rather that through the WordPress automatic upgrade link, please de-activate and re-activate the plugin to ensure the plugin upgrades correctly.
Frequently Asked Questions
How can I change the Wordpress logo to a different image?
Install and configure the Login Logo plugin by Mark Jaquith or the Uber Login Logo plugin. This will change the logo on your password entry page AND also your admin login page.
How can I enable feeds while the site is password protected?
In the settings, check the 'Allow Feeds' checkbox.
Can I prevent administrators having to enter password?
In the settings, check the 'Allow Administrators' checkbox.
I cannot preview my changes in the Theme Customizer
You must be an administrator (have the manage_options capability) and in the Password Protected settings, check the 'Allow Administrators' checkbox.
How can I log out?
Just add a "password-protected=logout" query to your URL. eg. http://www.example.com/?password-protected=logout
How can I redirect to a different domain name when logging out?
If passing a redirect URL using 'redirect_to' when logging out you need you may need to use the allowed domain names filter to allow redirecting to an external domain.
Where can I report bugs and issues?
Please log issues and bugs on the plugin's GitHub page. You can also submit suggested enhancements if you like.
How can I contribute?
If you can, please fork the code and submit a pull request via GitHub. If you're not comfortable using Git, then please just submit it to the issues link above.
How can I translate this plugin?
If you would like to translate this plugin you can easily contribute via our Transifex page - just signup for a free account. More instructions can be found at wp-translations.org
Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.
Fixed PHP error when calculating cookie expiration date.
Added admin bar icon to indicate wether password protection is enabled/disabled. Options to enable REST API access and show "Remember me" checkbox.
Update caching notes for WP Engine and W3 Total Cache plugin.
Show user's IP address beside "Allow IP Addresses" admin setting. Declare methods as public or private and use PHP5 constructors.
Only redirect to allowed domain names when logging out.
Security fix: Use a more complex password hash for cookie key.
Added 'password_protected_logout_link' shortcode and use 'password-protected-login.css' in theme folder if it exists.
Fixed "Allow Users" functionality and added option to allowed IP addresses which can bypass the password protection.
Support for adding "password-protected-login.php" in theme directory and allow filtering of the 'redirect to' URL via the 'password_protected_login_redirect_url' filter.
Added 'password_protected_login_redirect' filter.
Fix login template compatibility for WordPress 3.9
Added 'password_protected_theme_file' filter and option to allow logged in users. Contribute to the translation of this plugin via our Transifex page.
Allow redirection to a different URL when logging out.
Added support for Uber Login Logo plugin.
Fixes an open redirect vulnerability. Settings now have own page.
Administrators can use the site without logging in. WordPress 3.5 compatible.
Allow access to feeds. Ready for translation.
Passwords saved encrypted.
View a list of all plugin changes in CHANGELOG.md.