WordPress.org

Ready to get started?Download WordPress

Forums

Password protecting pages -- how does it work?? (32 posts)

  1. cowgirly
    Member
    Posted 3 years ago #

    I can't quite figure out what's happening with the built-in password protection on a single page. When I activate it, it works fine. But then every time I visit that page, I'm granted access without having to re-enter my password. That's fine, but when does that page get re-protected? I've restarted my browser and I'm still granted access. I've cleared my cache and cookies and I'm still granted access. When does that get re-set so the user would have to re-enter the password?

    What are the parameters for password-protected access? I can't figure this out! Thanks...

  2. stvwlf
    Member
    Posted 3 years ago #

    Most likely your login is saved in a browser cookie. View the site in a different browser (IE, Chrome, Safari, etc - one you don't often use), one on which you have never logged into the site as admin. See what happens.

  3. cowgirly
    Member
    Posted 3 years ago #

    Thanks-- yes, the password protection is there if I use a new browser.

    What I don't understand is when the password-protection is reset? I cleared my cookies and my cache, restarted my browser, and I still wasn't prompted again for the password. So I don't understand when that will happen?

    For example, what if someone's using a public computer and logs in to that page, then another person uses that computer-- it seems like they'll still have access to that page, even after a browser restart... this doesn't seem particularly secure to me.

    I only have to password protect one single page, and can't seem to figure out a good way to do it! Any and all thoughts are appreciated.... thanks.

  4. fonglh
    Member
    Posted 3 years ago #

    have you tried logging out?

  5. cowgirly
    Member
    Posted 3 years ago #

    Yup. Just tried it again. Logged out of WP Admin, refreshed the pages, restarted the browser, and I'm still granted access to that password-protected page which I logged in to ages ago...

    I couldn't find any WP documentation on this feature-- does anyone know if it exists? There's got to be some kind of reason behind this...

    If anyone has other ideas on how to somewhat securely password protect a single page, I would really appreciate it!

  6. cowgirly
    Member
    Posted 3 years ago #

    Just found this:

    "After entering the password that first time, WordPress will securely store the password with the browser you entered it with so you won’t have to enter it again."
    http://en.support.wordpress.com/posts/post-visibility/

    Really? So if someone accesses the page via a public computer, then every other user of that computer will be granted access to that "protected" page?

    Is there any way to change this setting? HELP is appreciated, I need to get this done for a client asap...

  7. cowgirly
    Member
    Posted 3 years ago #

    *bump* in case anyone has any further info on this... thanks...

  8. cowgirly
    Member
    Posted 3 years ago #

  9. stvwlf
    Member
    Posted 3 years ago #

    You realize that by changing a core WordPress file, every time WordPress upgrades you have to change the file again? It could be ten times a year.

  10. esmi
    Forum Moderator
    Posted 3 years ago #

    Plus, unless you are an experienced coder, you could be opening up security holes in your WordPress site.

  11. cowgirly
    Member
    Posted 3 years ago #

    Okey doke, thanks to you both for that info. Any thoughts on how to do this, then? It seems like there should be a way to automatically log users out before the WP-coded 10 days are up (upon browser close, or *anything*). I can't believe there is no way to do this-- there has got to be a way. Thoughts are very, very much appreciated, as I'm nearing the end of my rope... thanks...

  12. Sheila
    Member
    Posted 3 years ago #

    Did you ever resolve this. I had dialogued with you about it over on the Headway Themes forum too. I now have the same issue! Looking for the answer too. Been reading tons of posts on the WP forum and so far nothing. Fingers crossed you figured it out and can pass on the answer. Thanks.

  13. cowgirly
    Member
    Posted 3 years ago #

    SheilaHoff, I did kind of halfway resolve it :)

    As posted above, you can change the timeout here, but it will be overwritten whenever WP upgrades:
    http://wordpress.org/support/topic/how-to-require-logout-from-password-protected-page?replies=6

    Turns out my client is ok with the 10-day logout, so it's a non-issue for now.

    But I had also posted on Freelancer.com for someone to code a workaround for this, and found someone with high ratings who said he figured out how to do it. Let me know if you want that info.

  14. Sheila
    Member
    Posted 3 years ago #

    Thanks, you can PM me over at HT or post info here. It's astonishing to me that there is a simple solution to this.

  15. Sheila
    Member
    Posted 3 years ago #

    I don't seem to be able to log-in with my other WP account but I wanted to post that I think I may've just found the plug-in solution. It adds a cool lock graphic and then when you’re logged in it adds a button that says LOCK. So then those who are allowed access will need to relock the page on exit.

    http://wordpress.org/extend/plugins/better-protected-pages

  16. 100he
    Member
    Posted 2 years ago #

    Hi, please cowgirly post info here.
    I am using wordpress.com and i do not know how to modify the time logout or have the plugin. ¿ may you help me?
    Thank you in advance

  17. Sheila
    Member
    Posted 2 years ago #

    Try the plugin I recommended above. It's free and easy and safer than the built in password protection which leaves you logged in (not good if on a public computer).

  18. 100he
    Member
    Posted 2 years ago #

    Thank you Sheila, buy i can´t find the menu PLUGIN.

    i followed the installation steps (I think this is just for WP.org but I have WP.com)
    Upload plugin-name.php to the /wp-content/plugins/ directory
    Activate the plugin through the 'Plugins' menu in WordPress
    Configuration is found under 'Settings' 'Better Protected Pages' in the WordPress admin menu
    any idea?

  19. Sheila
    Member
    Posted 2 years ago #

    Sorry...never used WP.com so I don't know what your limitations are and what's possible. Perhaps someone else can assist.

  20. kgb_grafix
    Member
    Posted 2 years ago #

    I'm having the same problem—I can log in to my password protected page, once, but then it stays open forever. I've tried all the suggestions above, except for the plug in.

    I re-edited the page, logged out, cleared caches, changed the cookie storage time, the whole nine yards.

    What to do?

  21. Sheila
    Member
    Posted 2 years ago #

    The plugin I recommended works great although it does depend on your user following through and clicking the log out button. But AFAIK WP itself has no real way to address this issue.

  22. kgb_grafix
    Member
    Posted 2 years ago #

    Thanks Sheila!

    Just tried the plugin and it's not working. It put the "lock this page" button on the page, and when I press the button the entire page goes blank, but when I go back to the home page and then navigate to the page that's supposed to be password protected, it's still open—with the lock this page button showing.

    I've after testing with the password the first time I've never been able to "re-lock" the page. Any other suggestions are most welcome.

  23. MickeyRoush
    Member
    Posted 2 years ago #

    Try putting this in your theme's functions.php:

    add_action( 'wp', 'post_pw_sess_expire' );
        function post_pw_sess_expire() {
        if ( isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
        // Setting a time of 0 in setcookie() forces the cookie to expire with the session
        setcookie('wp-postpass_' . COOKIEHASH, '', 0, COOKIEPATH);
    }
  24. kgb_grafix
    Member
    Posted 2 years ago #

    Thanks Mickey!

    That worked perfectly! You're my hero.

  25. kgb_grafix
    Member
    Posted 2 years ago #

    Now that password protection is working, I have another query.
    When the page is password protected it automatically generates the following text:

    "This post is password protected. To view it please enter your password below:"

    Anyone know what I need to do to change that text?
    Thanks a million!

  26. stvwlf
    Member
    Posted 2 years ago #

  27. TAC28
    Member
    Posted 2 years ago #

    Just wanted to send my thanks to MickeyRoush as I've used the code and it works perfectly :)

  28. cazwilson09
    Member
    Posted 2 years ago #

    The same as what TAC28 said. Thanks, MickeyRoush!

  29. FrogM
    Member
    Posted 2 years ago #

    Hi There,

    I have several pages that are password protected. Is it possible to use a variation of this code that will allow all pages that are password protected to remain unlocked until the end of the session?

    i.e. if you have entered the password once on any one of the protected pages you can view all of them without re-entering it. Then if you navigate away from the site and you go back in, you have to then re-enter the password.

  30. terry777
    Member
    Posted 2 years ago #

    I found that the code from MickeyRoush worked as long as I didn't use the BACK button to navigate back to the page, although in Safari it worked then too. Is that because using the BACK button causes the cached page to display, whereas typing the address into the address bar re-loads the page?

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags