The Passster plugin allows users to password-protect a portion of a Page or Post. This is done by adding a shortcode that you wrap
around the content you want to protect. Your users are shown an access form in which to enter a password; if it’s correct, the protected content
will get displayed.


  • Set up multiple protected sections on a single Post
  • Set cookies so users won’t need to re-enter the password on every visit, and share authorization with groups of protected sections.
  • Apply custom CSS to your forms
  • Choose from a variety of encryption methods for your passwords (depending on your server configuration)
  • Set custom passwords to authorize your visitors

A TinyMCE dialog is included to help users build the shortcode. See the Screenshots tab for more info.


NOTE: The shortcode can be built using the built-in TinyMCE dialog. When in doubt, use the dialog to create correctly formed shortcodes.


[content_protector password="{string}" identifier="{string}" cookie_expires="{string|int}"]...[/content_protector]
  • password – Specifies the password that unlocks the protected content. Upper- and lower-case Latin alphabet letters (A-Z and a-z), numbers (0-9), and “.” and “/” only. Set password to “CAPTCHA” to add a CAPTCHA to your access form.
  • identifier (Optional) – Used to differentiate between multiple instances of protected content
  • cookie_expires (Optional) – If set, put a cookie on the user’s computer so the user doesn’t need to re-enter the password when revisiting the page.

Template/Conditional Tag

content_protector_is_logged_in( $password = "", $identifier = "", $post_id = "", $cookie_expires = "" )
  • $password, $cookie_expires, and $identifier are defined the same as their analogous attributes above. $post_id is the Post ID.
  • Returns true if the user is currently authorized to access the content protected by a Passster shortcode matching those parameters.
  • All arguments are required.


  1. cookie_expires can be either a string or an integer. If it’s an integer, it’s processed as the number of seconds before the cookie expires; set it to “0” to make the cookie
    expire when the browser is closed. If it’s a string, it can be either a duration (e.g., “2 weeks”)
  2. While the use of identifier is optional, you must set it if you want to apply custom CSS with a specific access form, or to use Shared Authorization.
  3. While you don’t need to set identifier if you want to want to set a cookie for specific protected content, editing that content in the future will invalidate any
    cookies set for it (this may actually be desired behaviour, depending on what you’re trying to do).
  4. Basically, when in doubt, set the identifier attribute. You’ll thank yourself later.
  5. When you set an identifier for protected content, the identifier gets appended onto the existing DOM IDs in its access form. For example if you set identifier="Bob"
    in a shortcode, the ID for that form element will be #content-protector-access-form-Bob
  6. Any identifiers you set on shortcodes you use in a specific post should be unique to that post (see Note 5).


  • The Form Instructions tab on the Passster Settings page.
  • The Form CSS tab on the Passster Settings page.
  • TinyMCE dialog for generating Passster shortcodes.
  • A Passster shortcode wrapped around some top-secret content.
  • The access form Passster creates for your authorized users to enter the password.
  • If the password is wrong, an error message is displayed, along with the access form so they can try again.
  • A correct password results in a success message being displayed, along with the unlocked content.
  • If you've set a cookie, the success message is only shown on initial authorization. This is how the unlocked content will be shown until the cookie expires.
  • A Passster access form that uses a CAPTCHA. You can customize the image under Settings -> Passster.


Note: XXX refers to the current version release.

Automatic method

  1. Click ‘Add New’ on the ‘Plugins’ page.
  2. Upload using the file uploader on the page

Manual method

  1. Unzip and upload the content-protector folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress


Coming soon. In the meantime, check out the support forum and ask away.

Installation Instructions

Note: XXX refers to the current version release.

Automatic method

  1. Click ‘Add New’ on the ‘Plugins’ page.
  2. Upload using the file uploader on the page

Manual method

  1. Unzip and upload the content-protector folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress


Works well but..some issues

Its a nice plugin – but it has a few issues –

1. the instructions text where it says – content is hidden and is protected.. is not visible.. any help on how to make it visible is welcome

2. if you can make it such that – users can use this on their Profile – where – text can be hidden – it will be a great feature..

better still – if you can make it so that a field can be seen only with password…

thank you

I was looking for that!

The plugin does what it was created for. 🙂 I like it!

# Tip # If you get an error after entering the correct password, the solution is simple. You need to change the opening tagfrom
[content_protector password = "password"]
[content_protector password = "password" identifier = ""]

The identifier must be in the opening tag (may be empty).

Sorry for my english (Translate Google 🙂 )

Works, but not self explanatory

returns “invalid password” when correct password is entered if you do not add an identifier which is marked as “optional” but is obviously mandatory.

works fine after you read the documentation (or react to unpolite post of developer @patrickposner ;-|

Why only three stars?

  • not self-explanatory enough for non-developers
  • Standard CSS poor, text field too small
  • No translations available

Breaks Beaver Builder Page

The plugin is exactly what I needed but sadly it appears to break beaver builder columns and, at least in my case, the first time I enter the password I get a message that says password incorrect, I enter it again and it works.

Read all 24 reviews

Contributors & Developers

“Passster” is open source software. The following people have contributed to this plugin.


Translate “Passster” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • under new development
  • compatibilty with WordPress 4.9+
  • clean up and restructure whole plugin
  • remove deprecated solutions for ajax and captcha
  • removed date based selection of cookie expires


  • Setting “Password Field Placeholder” now accessible through “Settings -> Passster -> Password/CAPTCHA Field”


  • Form and CAPTCHA instructions moved to outside the form.
  • content_protector_unlocked_content filter bug in AJAX mode fixed.
  • CSS for div.content-protector-form-instructions fixed.
  • New Setting “CAPTCHA Case Insensitive” – to allow users to enter CAPTCHAs w/o case-sensitivity.
  • New action content_protector_ajax_support – for loading any extra files needed to support your protected content in AJAX mode.

  • Fixed bug crashing content_protector_unlocked_content filter.
  • Full AJAX support for [caption] built-in shortcode.


  • Full AJAX support for [embed], [audio], and [video] built-in shortcodes.
  • Added full support for [playlist] and [gallery] built-in shortcodes.
  • Fixed Encrypted Passwords Storage setting message bug.
  • content_protector_content filter now called content_protector_unlocked_content.
  • content_protector_unlocked_content filter can now be customized from the Settings -> General tab.
  • the_content filter now applied to form and CAPTCHA instructions.


  • Partial AJAX support for [embed], [audio], and [video] built-in shortcodes. (experimental)
  • Fixed AJAX error from code refactoring


  • Displaying Form CSS on unlocked content is now a user option (on the Form CSS tab).
  • When saving settings, the Settings page will now remember which tab you were on and load it automatically,
  • Fixed potential cookie expiry bug for sessions meant to last until the browser closes (expiry time set explicitly to ‘0’).
  • Improved error checking for conflicting settings.
  • Some code refactoring.


  • Fixed output buffering bug for access form introduced in 2.6.1.


  • Fixed AJAX security nonce bugs.


  • jQuery UI theme updated to 1.11.4

  • New setting to manage encrypted passwords transient storage.
  • New settings for Password/CAPTCHA Fields character lengths.
  • Improved option initialization and cleanup routines.
  • content-protector-ajax.js now loads in the footer.
  • WPML/Polylang compatibility (beta).
  • New partial translation into Serbian (Latin); thanks to Andrijana Nikolic from WebHostingGeeks (Novi parcijalni prevod na Srpski ( latinski ); Hvala Andrijana Nikolic iz WebHostingGeeks)


  • Skipped


  • Skipped


  • Settings admin page now limited to users with manage_options permission (i.e., admin users only).
  • Fixed bug where when using AJAX and CAPTCHA together, CAPTCHA image didn’t reload on incorrect password.
  • New settings: use either a text or password field for entering passwords/CAPTCHAs, and set placeholder text for those fields.
  • Added autocomplete="off" to the access form.
  • Streamlined i18n for date/time pickers (Use values available in WordPress settings and $wp_locale when available, combined *-i18n.js files into one).


  • Fixed AJAX bug where shortcode couldn’t be found if already enclosed in another shortcode.
  • Clarified error message if AJAX method cannot find shortcode.
  • Changed calls from die() to wp_die().


  • Removed content-protector-admin-tinymce.js (No need anymore; required JS variables now hooked directly into editor). Fixes incompatibility with OptimizePress.


  • Added custom filter content_protector_content to emulate apply_filter( 'the_content', ... ) functionality for form and CAPTCHA instructions.


  • Rich text editors for form and CAPTCHA instructions.
  • NEW Template/Conditional Tag: content_protector_is_logged_in() (See Usage for details).
  • Performance improvements via Transients API.


  • New CAPTCHA feature! Check out the CAPTCHA tab on Settings -> Content Protector for details.
  • Improved i18n.
  • Various minor bug fixes.


  • Dashicons support for WP 3.8 + added. Support for old-style icons in Admin/TinyMCE is deprecated.
  • Unified dashicons among all of my plugins.


  • Added “Display Success Message” option.


  • Added “Shared Authorization” feature.
  • Renamed “Password Settings” to “General Settings”.


  • Added support for Contact Form 7 when using AJAX.


  • Fixed label repetition on “Cookie expires after” drop-down menu.


  • Various CSS settings now controllable from the admin panel.
  • Palettes on Settings color controls are now loaded from colors read from the active Theme’s stylesheet. This
    should help in choosing colors that fit in with the active Theme.
  • Spinner image now preloaded.
  • Some language strings changed.


  • AJAX loading message now customizable.


  • Added required images for jQuery UI theme.
  • Fixed some i18n strings.


  • Initial release.