Support » Fixing WordPress » Password Protected Pages Not Working

  • I have password-protected pages on my WordPress site. However, when I visit the page and enter the password, it simply re-asks for the password — it does not grant the user access.

    I am using the WordPress 2017 theme and have no additional plugins. I cannot find any advice on why this problem occurs and how to fix it. Can anyone help?


    The page I need help with: [log in to see the link]

Viewing 15 replies - 46 through 60 (of 126 total)
  • I use cloudflare as a CDN. I had disabled a bunch of plugins (iThemes Security, WP Fastest Cache, etc) and still had same issue. Then I purged the cache at cloudflare and it worked.

    So I think a page rule needs to be added to exclude caching/CDN for this page at cloudflare, but since the cache there rebuilds on its own, I won’t know if it worked for awhile.

    For me this happened when I set the rule in wp-config.php > define ‘WP_HOME’ and ‘WP_SITEURL’ with different values due to concrete needs. So change it and unify those values and probably password protect will work correctly.

    Same problem here, I removed the caching extension and tried the .htaccess expire rules that somebody posted here but the problem persists.

    I know this probably sounds pretty obvious to most people here, but it might pay to double-check that the password protected pages don’t contain links to other protected pages that contain different passwords, as that is what happened to me! I had duplicated a page, and because of the hierarchy I was using with my content, WordPress was just asking for the (different) password to a page that was within that content. Once I changed it to the same as the others, I didn’t have to type it in again. Hope this makes sense and helps someone else, ie double-check your passwords and make sure there isn’t a rogue one in there you may have forgotten!

    • This reply was modified 2 years, 7 months ago by shar0n.


    I am also having bad ongoing issues with this, with it starting during 2018. I have re-installed the WordPress so many times but it doen’t fix the problem all the time. I have also gone into the problem page and resaved it (not changing the password) and this seems to work for a day or two.
    I wish someone out there would explain how to fix this in a simple way! I am not very code-savvy and the site in question is used by lots of other non-techy people, so help! Please!

    This is probably a bug. I’v tried WordPress with Nginx and with Apache. I’ve also tried it with Cloudflare and without it. I always get the same result. WordPress recognizes the protected page by adding the word “protected” before the title but it shoes it to everyone regardless of everything I did.

    I was happy as a small kid few months ago when I applied trick with htaccess and it worked. But now I am on the same boat as the others, solution is not working anymore.

    Main question is why WP opened this forum when nobody cares about it? I am not demandig user but the basic function as protected page has to be reliable and when is any error with it, it must be solved quickly, in weeks. This is one year old.

    I am not sure but it seems WP was bad choice.

    I have exactly the same problem. It just started a couple of days age. Sometimes the password works and other times it doesn’t. It just goes to another login page. Then all of a sudden, everything works correctly. I was even locked out of the back end of my website for a few hours yesterday. It all started with the WordPress update that was released a few days ago.

    I had the same problem on my reseller account ( not after moving from IP address while we built the website to domain name. After trying everything I could think of (including deactivating EVERY plugin and removing self signed SSL from hosting server via cpanel) I found a thread suggesting this code be placed in .htaccess

    <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault A0
    ExpiresByType text/javascript A0
    ExpiresByType application/javascript A0
    ExpiresByType text/css A604800
    ExpiresByType image/gif A604800
    ExpiresByType image/png A604800
    ExpiresByType image/jpeg A604800
    ExpiresByType image/x-icon A604800
    ExpiresByType text/html A0

    This did not make any difference. I then realised I had not yet updated SETTINGS > GENERAL > WORDPRESS ADDRESS URL. to the domain name – it was still set to IP address and hosting name so I updated that.
    Then I went to PERMALINKS and clicked UPDATE.
    To my surprise – problem fixed. So I am not sure exactly which of the above fixed the problem or was it a combination or all 3. Irrespective, it now works as it should and I am very happy. Hope this helps others.


    I have been using password protection for posts.

    I tried to remove password protection and can not. ‘Update Failed’. I’ve deleted cache.

    The problem might be that I did a ‘quick edit’ and changed status of posts from published to draft. Nothing works now. I can’t change posts from draft to public, nor get rid of password protection. All ‘Update Failed’.

    I can’t seem to publish posts either. Very odd behaviour. I have to log out then back in. I can then post once, then it won’t allow me create new posts ‘Publishing failed’.

    I know this isn’t directly related to this thread, but it all started around password protection and Quick Edit. Thanks for any help!

    Hey all! I see some people are getting aggravated about a “lack of support.” I read someone say “seems WP was a bad choice.” I understand the frustration, but let’s be nice. WP runs 25% of sites world-wide last I checked. That tells me it’s one of the best choices. So let’s breathe and figure this out. πŸ™‚

    We know this works out-of-box 99% of the time. That tells us we each have configurations that could impact the feature.

    I fixed my problem with it – for me it was cloudflare possibly mixed with other variables.

    Do the following:
    ** Note: use incognito mode (or whatever your browser calls it) in the browser so you’re not dealing with cookies during testing. Always open a new incognito window when performing a test and close all other to remove all browser/cookie variables from this process.

    1. If you use Cloudflare, put it in development mode – this will give you 3 hours to troubleshoot.
    2. Test your page in an incognito window.
    3. If you use any kind of performance or caching plugin, temporarily deactivate it.
    4. If you use any kind of code minification plugin, temporarily deactivate it.
    5. Test your page in an incognito window.
    6. If you’re using a custom theme, switch to Twenty Nineteen temporarily.
    7. Test your page in an incognito window.
    8. Go to WP Dashboard > Settings > Permalinks and click Save.
    9. Test your page in an incognito window.
    10. If you use any privacy or member-related plugins, temporarily deactivate them.
    11. Test your page in an incognito window.
    12. Edit the page that is giving you a problem. Set a new temporary password on the page and Update the page.
    13. Test your page in an incognito window.
    14. Go to WP Dashboard > Settings and review your global settings. If your home URL or site URL are incorrect, fix them and save changes.
    15. Test your page in an incognito window.
    16. Skip this and get a developer to do it if you are not familiar with .htaccess. Edit the .htaccess document in the root web directory. Look for any entries having to do with caching, expires headers, etc. Comment them out temporarily by prefixing the lines with a hashtag/pound character (#). Save the file.
    17. Test your page in an incognito window.
    18. Create a new post or page temporarily and assign a password to it.
    19. Test the temporary page in an incognito window. If it works, trash the temporary post/page, then consider recreating the actual password protected page from scratch.

    Following this procedure should at least help to identify the issue for most situations. To really test whether your site/host configuration is an issue, you can try some more complex and involved procedures such as:

    1. Ask your host for help! Good hosting companies will get your WP credentials, log in, and set you straight.
    2. Create a new WordPress installation in a subdirectory or subdomain and create one post/page with password protection and test it. If it works, your current hosting configuration is OK and something about your actual WordPress installation is conflicting with post/page password protection.
    3. Create a new WordPress installation on another host or clone your full wordpress installation to the new host and test it there. I know it’s easier said than done, but hosts are increasingly using sneaky methods to cache or tune their server for scalability (so they can stretch resources and make more money per client) and this can lead to issues in specialized cases.
    4. Hire a seasoned WordPress developer. Nobody wants to hear this or go this route, but if your time is worth $20, $30, $50, or $100 per hour doing what you know best, then coming up with $50-$100 to have your problem fixed frees you up to make money and it support those of us who offer as much support as we can for free but also make a living helping folks like you! πŸ™‚
    5. Those are my suggestions for now. Please continue posting FIXES with detailed procedures so we can figure this out.


      p.s. Don’t hesitate to contact me if you need help. I can’t always do it for free as this is how I make a living and feed my family, but I will offer as much support as I can.


    do not know exactly why, but this code in functions.php helped me.

    function http_header() {
       header("Cache-Control: no-cache");
    add_action( 'send_headers', 'http_header' );
    • This reply was modified 2 years, 4 months ago by jurusss.


    I had the same issue and I realized it had something to do with the secure protection certificate. The password works when the client is provided with a “https://&#8221; link but the password does not work if the client is provided with a “http://&#8221; link to the same page.

    I was using a custom login page with Cerber. I disabled Cerber and the password protected page started working. Turned Cerber back on, page not working again. Removed the custom login page in Cerber, page working. YMMV πŸ˜‰

    I deactivated litespeed cache and it works…

Viewing 15 replies - 46 through 60 (of 126 total)
  • You must be logged in to reply to this topic.