Skip to content
Password protect Jekyll posts.
JavaScript Ruby HTML
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
_posts transfer over files from portfolio Apr 13, 2018
_protected transfer over files from portfolio Apr 13, 2018
.gitignore gitignore unnecessary files Apr 13, 2018
Gemfile.lock transfer over files from portfolio Apr 13, 2018 adding demo Jan 24, 2020
_config.yml change repo name Apr 13, 2018
demo.gif adding demo Jan 24, 2020
gulpfile.js separate firewall tasks from default task Apr 14, 2018


Password protect Jekyll posts.



Before using, keep the following in mind:

  • This encryption type is weak against brute force attacks. Here is an example of a safe guard by lmenus.
  • Liquid templating isn't currently supported in protected posts
  • Use only Markdown syntax supported by marked
  • The password needs to be entered for each protected post. But you can easily store a successful password in cache and bypass subsequent logins
  • I discourage storing your site in a public repository unless you are okay with gitignoring sensitive information (and have no remote backup)


To begin a new site, build on top of this repository by forking or cloning.

To integrate with an existing Jekyll site, below are the necessary files:

  • _layouts/encrypted — The layout for a locked page
  • gulpfile — The Gulp file to encrypt posts


Site Structure & Password

The encrypt gulp task (below) encrypts each file in SRC-FOLDER with PASSWORD and outputs it into DEST-FOLDER. Change these settings in gulpfile.js according to your site structure.

gulp.task('encrypt', () => {
  return gulp.src('SRC-FOLDER')

Heads up that if you write public posts to DEST-FOLDER, it may be difficult to distinguish the public and protected posts. This can be easily amended but is outside the scope of the skeleton site in this repo. However, you can adjust the gulp encrypt task to change the outputted filename of protected files in the DEST-FOLDER and set the url in the front matter.

Protect Posts

To encrypt a post, simply save it in your desinated SRC-FOLDER and run gulp.




You can’t perform that action at this time.