Support » Fixing WordPress » wp-pass.php – Timeout not working after update to 3.4.1

  • Resolved Ricke 59


    After having updated my site to run WP 3.4.1 I realise that the timeout for password protected pages which I had shortened to 15 minutes is no longer in effect.

    The file wp-pass.php has the same content as before the update whilst all other files except wp-cnfig.php and wp-register.php. All three have older dates.

    Does anyone have any suggestion on how to restore the time-out functionality?

    The updating was done by using the Adminpanel automated way with widgets and templates checked.

Viewing 14 replies - 1 through 14 (of 14 total)
  • Is it realy true that wp-pass.php isn’t being used anymore. If this is the case then where do I change the time-out time for my password protected pages?

    Question reopened under the Installation section, I believe it’s better posted there.

    Moderator Jan Dembowski


    Forum Moderator and Brute Squad

    Please don’t do that, we close duplicates when we find them.

    This is in the correct forum, the Installation section is for having installation problems. This topic really is more “How-To and Troubleshooting”.

    Ok, sorry for that, but I felt the other section was more right since the update don’t include this file wp-pass.php anymore.

    But ok, let’s hope for some good answer here since I find it hard to believe that it won’t be possibe to adjust the timeout time for password protected pages.

    Will you then please also remove the flag Resolved!
    Sorry, just realised I could do that by myself.

    Moderator Jan Dembowski


    Forum Moderator and Brute Squad

    Will you then please also remove the flag Resolved!

    Yes. I did almost an hour ago when I closed your duplicate, this thread is marked “not resolved”.

    [ Moderator Note: Please post code or markup snippets between backticks or
    use the code button. ]

    wp-pass.php isn’t a part of the update 3.4.1 but the functionality is still there ???
    I made a local disk search for a cookie file with a content of wp-postpass which was a part of the old files “to do”

     * Creates the password cookie and redirects back to where the
     * visitor was before.
     * @package WordPress
    /** Make sure that the WordPress bootstrap has run before continuing. */
    require( dirname(__FILE__) . '/wp-load.php');
    // 10 days, I changed to 15min=900
    setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 900, COOKIEPATH);

    I found such a cookie file with a nonsense name.
    I deleted that file and now wordpress is asking for my password to the protected pages.
    After adding the password I once again search for the cookie and it’s there again with a different name and wordpress is no longer asking for the password.

    So the file wp-pass.php isn’t there anymore, but the same funcionality exists as before.

    So the question now is ofcourse, where is the wp-pass.php functionality hidden/embedded?

    After having googled a lot I’ve found the solution to the problem of not being able to set the timeout time after entering the password on a password protected page.

    What was before the update to 3.4.1 done in the file wp-pass.php must now be done in the file wp-login.php, and it’s to be done on line 393.

    Example where I’ve changed to 900 = 15 minutes

    // 10 days 864000 ändrat till 900 = 15 min
    setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 900, COOKIEPATH )

    Thank you so much Ricke 59, I’ve been looking for this forever!

    Thanks Ricke 59! I’d been looking for that wp-pass.php!

    Thank you so much!! I’ve been searching high and low for this answer. I don’t know how many times I’ve changed wp-pass.php, closed browsers, cleared cache, blah blah blah… with no luck. wp-login.php line 393 was the magic trick – thank you!!

    Any change to this file will only work until the next update. Is there any way to change the “life” of the password cookie in an upgrade-safe file? Could you put wp-login.php in a child theme?

    Thanks Ricke 59, I am having trouble working out where to put the 60 sec timeout time I want.
    The code is below.
    Would you please tell me what to change.
    Sorry it probably obvious but I just can’t work it out

    // 10 days
    setcookie( ‘wp-postpass_’ . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST[‘post_password’] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );


    The value is 864000 from start and it = 10 days
    900 from my example = 15 minutes
    If you like 60 seconds then the value should be 60 as it should be entered in seconds.

    Ref: … time() + 900, …

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘wp-pass.php – Timeout not working after update to 3.4.1’ is closed to new replies.