WordPress’s built in password protection for pages is a great, simple way of hiding a post content behind a password. However, many WordPress sites don’t just rely on post content, but also custom fields. See our recent post about how to set password protection up and how to troubleshoot it.
As it turns out, providing this same protection to your custom fields is relatively straight forward with the post_password_required() function.
if( !post_password_required( $post )):
// your custom field code
endif;The logic is simple – if the post is does not require a password, then display the custom fields. This stops any custom fields being exposed on password protected pages. We’ve found this particularly useful if you have made a DIY page builder using ACF’s flexible content field.