This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Content Protector


The Content Protector plugin allows users to password-protect a portion of a Page or Post. This is done by adding a shortcode that you wrap
around the content you want to protect. Your users are shown an access form in which to enter a password; if it’s correct, the protected content
will get displayed.


  • Set up multiple protected sections on a single Post
  • Display the protected content inline via AJAX or by reloading the page
  • Set cookies so users won’t need to re-enter the password on every visit, and share authorization with groups of protected sections.
  • Apply custom CSS to your forms
  • Choose from a variety of encryption methods for your passwords (depending on your server configuration)
  • Set custom passwords or use a CAPTCHA to authorize your visitors

A TinyMCE dialog is included to help users build the shortcode. See the Screenshots tab for more info.


NOTE: The shortcode can be built using the built-in TinyMCE dialog. When in doubt, use the dialog to create correctly formed shortcodes.


[content_protector password="{string}" identifier="{string}" cookie_expires="{string|int}" ajax="{true|{string}}"]...[/content_protector]
  • password – Specifies the password that unlocks the protected content. Upper- and lower-case Latin alphabet letters (A-Z and a-z), numbers (0-9), and “.” and “/” only. Set password to “CAPTCHA” to add a CAPTCHA to your access form.
  • identifier (Optional) – Used to differentiate between multiple instances of protected content
  • cookie_expires (Optional) – If set, put a cookie on the user’s computer so the user doesn’t need to re-enter the password when revisiting the page.
  • ajax (Optional) – Load the protected content using AJAX instead of reloading the page. Set to “true” to activate, but you must also set the identifier attribute in order to use this.

Template/Conditional Tag

content_protector_is_logged_in( $password = "", $identifier = "", $post_id = "", $cookie_expires = "" )
  • $password, $cookie_expires, and $identifier are defined the same as their analogous attributes above. $post_id is the Post ID.
  • Returns true if the user is currently authorized to access the content protected by a Content Protector shortcode matching those parameters.
  • All arguments are required.


  1. cookie_expires can be either a string or an integer. If it’s an integer, it’s processed as the number of seconds before the cookie expires; set it to “0” to make the cookie
    expire when the browser is closed. If it’s a string, it can be either a duration (e.g., “2 weeks”) or a human-readable date/time description
    with timezone identifier (e.g., “January 1, 2014 12:01 AM America/New York”). The plugin uses PHP’s strtotime
    function to process dates/times, so anything it can understand can be used depending on your server configuration.
  2. While the use of identifier is optional, you must set it if you want to apply custom CSS or use AJAX with a specific access form, or to use Shared Authorization.
  3. While you don’t need to set identifier if you want to want to set a cookie for specific protected content, editing that content in the future will invalidate any
    cookies set for it (this may actually be desired behaviour, depending on what you’re trying to do).
  4. Basically, when in doubt, set the identifier attribute. You’ll thank yourself later.
  5. When you set an identifier for protected content, the identifier gets appended onto the existing DOM IDs in its access form. For example if you set identifier="Bob"
    in a shortcode, the ID for that form element will be #content-protector-access-form-Bob
  6. Any identifiers you set on shortcodes you use in a specific post should be unique to that post (see Note 5).


  • The Form Instructions tab on the Content Protector Settings page.
  • The Form CSS tab on the Content Protector Settings page.
  • TinyMCE dialog for generating Content Protector shortcodes.
  • A Content Protector shortcode wrapped around some top-secret content.
  • The access form Content Protector creates for your authorized users to enter the password.
  • If the password is wrong, an error message is displayed, along with the access form so they can try again.
  • A correct password results in a success message being displayed, along with the unlocked content.
  • If you've set a cookie, the success message is only shown on initial authorization. This is how the unlocked content will be shown until the cookie expires.
  • A Content Protector access form that uses a CAPTCHA. You can customize the image under Settings -> Content Protector.


Note: XXX refers to the current version release.

Automatic method

  1. Click ‘Add New’ on the ‘Plugins’ page.
  2. Upload using the file uploader on the page

Manual method

  1. Unzip and upload the content-protector folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress


Coming soon. In the meantime, check out the support forum and ask away.


Read all 20 reviews

Contributors & Developers

“Content Protector” is open source software. The following people have contributed to this plugin.


Translate “Content Protector” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Setting “Password Field Placeholder” now accessible through “Settings -> Content Protector -> Password/CAPTCHA Field”


  • Form and CAPTCHA instructions moved to outside the form.
  • content_protector_unlocked_content filter bug in AJAX mode fixed.
  • CSS for div.content-protector-form-instructions fixed.
  • New Setting “CAPTCHA Case Insensitive” – to allow users to enter CAPTCHAs w/o case-sensitivity.
  • New action content_protector_ajax_support – for loading any extra files needed to support your protected content in AJAX mode.

  • Fixed bug crashing content_protector_unlocked_content filter.
  • Full AJAX support for [caption] built-in shortcode.


  • Full AJAX support for [embed], [audio], and [video] built-in shortcodes.
  • Added full support for [playlist] and [gallery] built-in shortcodes.
  • Fixed Encrypted Passwords Storage setting message bug.
  • content_protector_content filter now called content_protector_unlocked_content.
  • content_protector_unlocked_content filter can now be customized from the Settings -> General tab.
  • the_content filter now applied to form and CAPTCHA instructions.


  • Partial AJAX support for [embed], [audio], and [video] built-in shortcodes. (experimental)
  • Fixed AJAX error from code refactoring


  • Displaying Form CSS on unlocked content is now a user option (on the Form CSS tab).
  • When saving settings, the Settings page will now remember which tab you were on and load it automatically,
  • Fixed potential cookie expiry bug for sessions meant to last until the browser closes (expiry time set explicitly to ‘0’).
  • Improved error checking for conflicting settings.
  • Some code refactoring.


  • Fixed output buffering bug for access form introduced in 2.6.1.


  • Fixed AJAX security nonce bugs.


  • jQuery UI theme updated to 1.11.4

  • New setting to manage encrypted passwords transient storage.
  • New settings for Password/CAPTCHA Fields character lengths.
  • Improved option initialization and cleanup routines.
  • content-protector-ajax.js now loads in the footer.
  • WPML/Polylang compatibility (beta).
  • New partial translation into Serbian (Latin); thanks to Andrijana Nikolic from WebHostingGeeks (Novi parcijalni prevod na Srpski ( latinski ); Hvala Andrijana Nikolic iz WebHostingGeeks)


  • Skipped


  • Skipped


  • Settings admin page now limited to users with manage_options permission (i.e., admin users only).
  • Fixed bug where when using AJAX and CAPTCHA together, CAPTCHA image didn’t reload on incorrect password.
  • New settings: use either a text or password field for entering passwords/CAPTCHAs, and set placeholder text for those fields.
  • Added autocomplete="off" to the access form.
  • Streamlined i18n for date/time pickers (Use values available in WordPress settings and $wp_locale when available, combined *-i18n.js files into one).


  • Fixed AJAX bug where shortcode couldn’t be found if already enclosed in another shortcode.
  • Clarified error message if AJAX method cannot find shortcode.
  • Changed calls from die() to wp_die().


  • Removed content-protector-admin-tinymce.js (No need anymore; required JS variables now hooked directly into editor). Fixes incompatibility with OptimizePress.


  • Added custom filter content_protector_content to emulate apply_filter( 'the_content', ... ) functionality for form and CAPTCHA instructions.


  • Rich text editors for form and CAPTCHA instructions.
  • NEW Template/Conditional Tag: content_protector_is_logged_in() (See Usage for details).
  • Performance improvements via Transients API.


  • New CAPTCHA feature! Check out the CAPTCHA tab on Settings -> Content Protector for details.
  • Improved i18n.
  • Various minor bug fixes.


  • Dashicons support for WP 3.8 + added. Support for old-style icons in Admin/TinyMCE is deprecated.
  • Unified dashicons among all of my plugins.


  • Added “Display Success Message” option.


  • Added “Shared Authorization” feature.
  • Renamed “Password Settings” to “General Settings”.


  • Added support for Contact Form 7 when using AJAX.


  • Fixed label repetition on “Cookie expires after” drop-down menu.


  • Various CSS settings now controllable from the admin panel.
  • Palettes on Settings color controls are now loaded from colors read from the active Theme’s stylesheet. This
    should help in choosing colors that fit in with the active Theme.
  • Spinner image now preloaded.
  • Some language strings changed.


  • AJAX loading message now customizable.


  • Added required images for jQuery UI theme.
  • Fixed some i18n strings.


  • Initial release.