Question about password protected pages

  • Unknown's avatar
    singerstest69 · Member ·

    Once the password is entered and the password protected pages are accessed, simply copying and pasting the URL bypasses needing to enter the password. We used the built in wordpress ‘password protected’ option when publishing page.
    Thanks!

  • Unknown's avatar
    yashitamittal · Member ·

    Hi there,

    The browser saves the password once it is entered by the user for the password protected page.
    So the next time they visit the page they don’t have to enter it again.

    WordPress does have some (long) time limits which save login information.
    I would be very difficult for a user if WordPress keeps them logging out after small intervals.

    If the users clear their cache, then the password will be removed and the password protected page won’t open.

    Hope that clears the confusion :)

  • kokkieh · Staff ·

    Hi there,

    The answer provided by @yashitamittal11 above is almost correct, but not quite, as it’s not the browser storing anything, it has nothing to do with login information as you don’t need to be logged in to access a password-protected page on a public site, and clearing the browser cache won’t make a difference :)

    When you enter the password on a protected post or page, your site places a cookie in the browser so that for a limited time, someone won’t need to enter the password again to view the same page. They’ll only need to enter the password again once that cookie expires, or once cookies are manually deleted from the browser.

    Password-protecting a post or page is not secure. It’s an easy way to restrict access to content and to prevent a post on a public site from being indexed by search engines, but the password is set on the page so anyone who manages to obtain the password will be able to access it and ultimately you have no way of preventing others from sharing the password once they have it.

    For a secure option you’d need a membership system on your site, where people who should have access need to create their own accounts with their own unique passwords. This requires use of a plugin, which requires the Business Plan on WordPress.com.

    However, I also see the account you’re using to post here does not own any sites on WordPress.com, so I’m assuming you’re actually asking about a site using the open source WordPress software. You can find support for that version of WordPress at https://wordpress.org/support/, though the information I provided above about how password protected posts work applies to both versions of WordPress.

  • The topic ‘Question about password protected pages’ is closed to new replies.