WordPress has basic password protection for pages built in. It’s incredibly handy to provide some basic content protection, especially if you want to send some content for approval from someone who doesn’t have access to the WordPress admin.
In Gutenberg, you can find it in Post >> Visibility and change the dropdown to “Password Protected”.
In the Classic Editor, Publish >> Visibility >> Edit and change the radio button to “Password protected”.
But what do you do if you’ve set up a password for a page, but it’s still allowing access without a password? here’s some basic troubleshooting tips. This is aimed primarily at developers as it’s most likely to affect custom themes.
1.Try Incognito Mode
Try opening the page in an incognito window to avoid any browser caching or chances of being logged in. Alternatively, try a different browser or device.
2. Clear your cache
If you have a caching plugin, make sure you do a full cache clear. This is unlikely to be the cause, but we’ve seen some strange errors caused by caching plugins over the years, and it can’t do any harm. If you are running Cloudflare, also clear the cache over there. Alternatively, disable caching plugins temporarily to 100% ensure that cache is not affecting your page.
3. Check your page template
This is the most important part to check – your page must have
the_content(); within your loop for password protection to work. Password protection does not cover custom fields by default, but it’s not hard to make this happen – see our article on this.
We’ll call these the ‘nuclear’ options as they require significant but temporary changes. All the below recommendations should be carried out on a staging site – a clone of your live site that can be used for testing changes.
4. Switch to a default theme
Switching to a default theme such as Twentytwenty one is a good first step. If password protected pages work after the switch, then you know it’s likely that your theme is the culprit.
5. Disable plugins
One by one, disable plugins and re-test your password protected pages. This will tell you if a plugin is the culprit and specifically which one.
Let’s wrap it up
There we have it – this is a rare issue but an annoying one when it pops up. The most likely culprit is point three on our list.- always use
the_content(); even if you aren’t placing any content inside or hiding it in the admin.
Did this help? have any other suggestions? let us know down in the comments.