MFD Consult

Page Protection

Page Protection er et plugin for dig, der gerne vil beskytte en eller flere af dine WordPress-sider med brugernavn og kodeord.

Ved hjælp af dette plugin kan du sørge for, at indholdet på siderne og deres undersider kun kan læses, hvis det rigtige brugernavn og kodeord angives. Samtidig bliver undersider skjult i menuer og sidelister, med mindre det rigtige brugernavn og kodeord er blevet angivet, og desuden kan siderne og undersiderne ikke findes ved en søgning, med mindre du eksplicit angivet at de skal kunne findes (dog vil de så kun optræde i søgeresultatlisten med overskrift).

Du kan prøve det af her, på en beskyttet side — brugernavn og kodeord er henholdsvis page og protection.

Læs mere og download seneste version i WordPress’ pluginkatalog.

Tags: , , ,

69 svar til “Page Protection”

  1. matt siger:

    The password prompt is working though once you enter a password it only shows me the password header “This page is protected with user name and password…” and not my page content. Please advise…

  2. Svend TT siger:


    Jeg har søgt længe efter sådan plugin… men blev fælt skuffet da jeg fandt ud af at den ikke virker.

    Der opstår en fejl et eller andet sted, for selvom jeg indtaster det korrekte password og brugernavn, får jeg en besked om at det er forkært…

    Noget der er en forklaring på…?

    hilsen Svend TT

    • Svend TT,

      Det lyder underligt, men jeg har på fornemmelsen det måske skyldes, at din PHP kører på en speciel måde. Jeg sender dig en ny udgave, med lidt debug-funktionalitet indbygget — prøv at lave en side med brugernavn/adgangskode debug/debug, så vil den forhåbentlig spytte noget ud, du kan sende retur til mig…

  3. kip siger:

    What I’d like is to have a list of users defined somewhere, then for certain pages I would only choose some users to be able to access that page. Is there any possibility you might add any functionality like this in the future?

    • kip,

      Page Protection is designed for use by a set of people associated with a site, but not registered as individual users. Thus, it’s quite different from a group of registered user, so I don’t see a feature like that in the future, no. There might be other plugins that would be better suited for that task.

  4. Mattias siger:

    Hi, i’m new at wp, how ever, I don’t find how to apply the plug to a page. And where to define the user/password.


    • The plugin must be activated from the plugin administration page.

      Once activated, you should see a new box labelled “Page Protetection” on the edit page for a page. The box contains fields for user name and password.

      • Mattias siger:

        Thanks for the help.
        I have another question though, once I have unlocked the page, it´s acceseble for everyone, have I done anything wrog or is that how it´s supposed to work?

  5. Michael siger:


    Thanks for the great plugin. It’s exactly what I need. Install and implementation was a breeze. However, when I put in my username/password, it’s telling me it’s incorrect, and prompting me to do it again. I’ve tried “debug/debug” and gotten the same results. Any thoughts?


  6. ozzy siger:

    I have a problem with this pluggin which I hope you could fix Morten. When I type the username and password, it just open a new window asking me again for the username and password. Been trying a lot of usernames and passwords but it never accept my login information :(

    • Are you running PHP in CGI mode? That ususally prevents PHP, WordPress and plugins from getting to the authentification information, resulting in the prompt being displayed again.

      Have you tried the debug/debug trick?

  7. Irvine siger:

    Works fine when you enter the wrong password, but when I cancel the username and password prompt, it still goes to the protected page :(

  8. Morgan siger:

    Thanks for the plugin.

    I was having a problem that it would always “forget” my page protect settings.

    After looking at the code I realize why this happened. It is because I created the page first, and later added the plugin to protect the page.

    In your code, there is no wp_update_post function, only wp_insert_post. Therefore, my updates never were able to update the protection status after the first time of insertion.

    Here is the code I added to the plugin to fix the problem. I think it works ok, at least so far:

    function page_protection_update_post($pID) {
    delete_post_meta($pID, ‘_page-protection’);
    if (isset($_POST[‘page-protection-on’]) && $_POST[‘page-protection-on’])
    update_post_meta($pID, ‘_page-protection’, array(
    ‘user’ => $_POST[‘page-protection-user’],
    ‘pass’ => $_POST[‘page-protection-pass’],
    ‘searchable’ => isset($_POST[‘page-protection-searchable’])
    add_action(‘wp_update_post’, ‘page_protection_update_post’);

    • Theresa siger:

      This is the exact fix that I was looking for! I’m hoping it will fix the problem, but only time will tell since it will “forget” the password settings after a questionable amount of time. TIA!

    • Theresa siger:

      Nope, it looks like it didn’t work. I think it has something to do with WordPress’ autosave feature, because it seems to forget the password whenever the autosave message comes up. I disabled post revisions so I’m hoping that will fix it. So far so good.

  9. Morgan siger:

    Ok, so my “fix” didn’t work. My page still “forgets” its protection regularly.

    Do you have any idea why this is happening?


    • Morgan siger:

      Sorry! Please ignore my latest post. It actually IS working now, it is just that my browser was remembering the authentication information so I wasn’t seeing the password protection.

      However, the code fix I posted above did change behavior for the better. Before, whenever I navigated to the page in question within admin, it would “forget” the previous settings.

      Now it always seems to remember them.

      Sorry about the multiple posts.

  10. sean siger:

    how can I tell if my provider is running as CGI and not mod_php.

    This plugin is precisely what I need as well, but I keep getting prompted over and over.

    When I create a page with debug/debug it seems trapped in the same loop.

    I was able to cancel out and got some output, part of the header response was [GATEWAY_INTERFACE] => CGI/1.1

    Assuming that means provider is CGI…

    Is there another plugin like yours that will work this way?

  11. sean siger:

    I just ran a sniff on it, the response code that comes back is a 401 on the wire, but that of course is not presented.

    Would you expect the server to actually respond with a 401 code vs a hard error if CGI was the issue?

    I wonder if the theme is breaking it.

  12. ken siger:

    I am trying to find out how to change the message that shows on the prompt. I would like it to say something different. is there an easy way to make this change?

  13. MGCC siger:

    First off, thanks for all your hard work in creating this plug-in. It was exactly what I needed on our site.

    Since the installation we have run into two issues:
    1) It seems to “forget” to prompt people for the login after a few days and just show them the blank page with the message that it is password protected. By going into the admin area and unchecking then re-checking the password protect box I can ‘Update’ the page and it starts working again
    2) if you click “Cancel” when prompted for the username & password there isn’t any way to get it to prompt you again (using Firefox 3.6)

    Any suggestions?

    • MGCC,

      I can’t explain nor reproduce what you’re experiencing.

      The plugin tries to send reasonable caching headers to avoid situations like those, but apparently without complete success.

      Could you tell a little more about the platform (OS/Web Server/PHP/WP) you are using?

  14. alberto siger:

    Hello! very nice this plugin but isn’t work for me…
    any time it ask me the user and password and in the user box appears the website url“user”
    whe I insert the right user/passowrd everytime ask me again neither with the debug/debug.
    My blog is in a subdirectory and the url is different of the installation one … may be this?
    or the PHP – CGI?
    thanks a lot

  15. alberto,

    I’m not sure what’s going on, but could be a CGI issue, yes.

  16. Amanda siger:

    In the lower left hand corner of my site you’ll see the word “Login” When you click on that, you’ll see that’s where I applied your plugin. The username and password are both “test” but it won’t work for me.

    I don’t know anything about PHP or CGI but I love your plugin and it’s exactly what I need. I’m just hoping we can get it to work. Please let me know your thoughts.

    • Amanda,

      For some reason, I get prompted twice when using Firefox. If I cancel on the first one, and enter the right user name and password on the second, I’m allowed through as expected.

      With IE I only get one prompt, which I can’t get through.

      Either you have some other security measures in place, or the web server (IIS) is misbehaving…

  17. Luis Fernando siger:

    Hey, thanks for share your code.

    Works like a charm

    just one thing

    I want redirect the browser if the user click on Cancel Button,so, i got it using js, but this is not absolutely secure if js is disabled.

    do you have a suggestion to do it? 😀

    here is my code

    function protectpage() {
    global $post;
    if (!is_protected_page() || is_authorized_protected_page()){
    //if is autorized do something on the header
    echo ‘
    window.location = “‘.get_bloginfo(‘wpurl’).'”;


  18. Shilo siger:

    Hi Morten,

    i just installed your plugin to test it. Works great! However, rather than just use one username and password, is there anyway to use the existing username and passwords from the WordPress site?


  19. Nathalie siger:

    I am currently putting together my website and I want to add a feature where I can protect my pictures with an password. I am not sure if this the right plug in for me. In other words I just need a plug gin that is going to allow the viewer to put a password when they enter the galleries. (if go to to is the “COLLECTIONS” tab that I need protected) They don’t have to sign in or give any info just type in the right password. Do you think your pluggin is what I need? I am just starting out I would really appreciate any help/advice you may have. Thanks

  20. Carl siger:

    hey Svar,

    i find your plugin and look for some time to let it work. after reading the supportpages and questions above it seems some people couldn’t use it because of an error with the username and password. And I must confess it was the same with my site. Finally I adjust an new user and password and it works fine. Before that I used the users and pasword of the users in wordpress. Seems for me the most logic that subscribers uses their own name and password. No? But it works now. I only must people tell them wath the user and pasword is… greatings

  21. josh white siger:

    For the site I am trying to make a password protected page, whereby multiple passwords and user names can be set up (around 100) for the following page:

    At the moment there is only one, and this doesnt prove to be very safe. does yours work the same way. Is there a decent plugin for multiple usernames/passwords to be used???? im very lost and dont want to go down the .htaccess route. I just want a simple plugin. does it exist???

  22. piotr siger:

    Can you please tell me how to make that great plugin work ? I have the latest WP installation, PHP i CGI mode and every time I open the site that is protected, after enteriing the username and password, firefox asks me to type those two again and again …

    You can check it here – the site is under developement:

    when I choose cancel, it displays:

    This page is protected with user name and password…

    Thanks for help!


  23. Neil Robinson siger:

    Hi, Morten,

    This is a great plugin!

    I wanted to protect a page with a password within the browser and it does this perfectly and is very easy.

    It would be useful to have some code to add to the page to log-out, if you could write it!

    I am using WordPress 3.0.1 and it works fine.

    Thank you!

  24. Joe P siger:

    After I do the debug/debug and I get all that text, what do I do from here?

  25. Ajay siger:

    how to remove cancel button on the authentication of username and password form

  26. tmano siger:

    Hi Morten!

    Your plugin is almost the one id like. Wanted to ask you that is it able to set up more pass’s and logins for a specific page?

    I need to get access to a secured page in wordpress, for about 100 people… or dont you have any other idea?

    Thanx in advance


  27. Poyi siger:

    Hi, I have the same problem…

    I tried the debug/debug trick and it didn’t work. When I cancel logging in, below script pops on the page:

    Array ( [SERVER_SOFTWARE] => Apache/2.2.14 (Unix) FrontPage/ [REQUEST_URI] => /?page_id=122 [PATH] => /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/opt/bin:/var/hivedb/:/usr/services/vux/apache/bin:/usr/services/vux/mysql/bin [FCGI_ROLE] => RESPONDER [SCRIPT_URL] => / [SCRIPT_URI] => [DOMAIN_NAME] => [DOMAIN_PATH] => /data/22/2/4/66/2004066/user/2191954/htdocs [PKEY] => 2004066.2191954 [RAILS_URI] => INVAL [DOMAIN_USER] => 2004066.2191954 [HTTP_ACCEPT] => image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/, application/, application/msword, */* [HTTP_REFERER] => [HTTP_ACCEPT_LANGUAGE] => en-us [HTTP_UA_CPU] => x86 [HTTP_ACCEPT_ENCODING] => gzip, deflate [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2) [HTTP_HOST] => [HTTP_COOKIE] => wp-settings-1=m9%3Do%26m6%3Do%26m5%3Do%26editor%3Dhtml%26align%3Dcenter%26imgsize%3Dfull%26hidetb%3D1%26m4%3Do; wp-settings-time-1=1297865132; PHPSESSID=2b6e7422c31794994ca13beb288dbdfa; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_695637dff337440e957205778c4b53b6=admin%7C1298129275%7Cd46d499b7557af21c4001b2675ccde10; cpp-e739617f5b34202d6226648d34d091ba=MySecretContent; cpp-global-password=TopSecretTips [HTTP_CACHE_CONTROL] => max-stale=0 [HTTP_CONNECTION] => Keep-Alive [HTTP_X_BLUECOAT_VIA] => AEFD3067D0613872 [SERVER_SIGNATURE] => [SERVER_NAME] => [SERVER_ADDR] => [SERVER_PORT] => 80 [REMOTE_ADDR] => [DOCUMENT_ROOT] => /data/22/2/4/66/2004066/user/2191954/htdocs [SERVER_ADMIN] => [no address given] [SCRIPT_FILENAME] => /data/22/2/4/66/2004066/user/2191954/htdocs/index.php [REMOTE_PORT] => 45247 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => page_id=122 [SCRIPT_NAME] => /index.php [PHP_SELF] => /index.php [REQUEST_TIME] => 1297959197 [argv] => Array ( [0] => page_id=122 ) [argc] => 1 ) Array ( [page_id] => 122 ) Array ( [122] => Array ( [parent] => 122 [parent_title] => staff schedule [user] => debug [pass] => debug [searchable] => ) )

    Any idea?

  28. benmur siger:

    I am very new to wordpress 3.1 and just started a new website. My hosting site is FatCow. I installed your plugin through the plugin page. It seems to have installed correctly, but when the password window comes up and I type in the username and password I had assigned, it opens up a new second window asking to type in the username and password again. After the third time it shows the page with “This page is protected with username and password…”.
    Can you let me know how I can fix this?

  29. benmur siger:

    Hi Morten,
    This is the output from debug/debug

    Array ( [SERVER_SOFTWARE] => Apache/2 [REQUEST_URI] => /?page_id=508 [PATH] => /usr/local/bin:/usr/bin:/bin [SCRIPT_NAME] => /index.php [REQUEST_METHOD] => GET [HTTP_ACCEPT] => text/html, application/xhtml+xml, */* [SCRIPT_FILENAME] => /home/users/web/b974/moo.theglencoveinpelican/index.php [QUERY_STRING] => page_id=508 [REMOTE_PORT] => 13761 [HTTP_USER_AGENT] => Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) [HTTP_ACCEPT_LANGUAGE] => en-us [GATEWAY_INTERFACE] => CGI/1.1 [SCRIPT_URL] => / [DOCUMENT_ROOT] => /home/users/web/b974/moo.theglencoveinpelican [REMOTE_HOST] => [UNIQUE_ID] => TY0SOAoBDFgAAEtunNIAAAAE [SERVER_NAME] => [HTTP_REFERER] => [SERVER_ADMIN] => [HTTP_ACCEPT_ENCODING] => gzip, deflate [HTTP_CONNECTION] => close [SCRIPT_URI] => [SERVER_PORT] => 80 [HTTP_COOKIE] => PHPSESSID=97879d128997409c0c3f82a03f0d53b4; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_0661a705c2aeda7d976b12eeeeb0f9ca=admin%7C1301239777%7C87a71ae686a87a4926eb71982c27a079; wp-settings-1=align%3Dleft%26imgsize%3Dfull%26m5%3Dc%26m6%3Do%26m7%3Dc%26m8%3Dc%26m9%3Do%26m3%3Dc%26m4%3Dc%26m1%3Dc%26wplink%3D1%26m0%3Do%26m2%3Dc%26editor%3Dtinymce%26hidetb%3D1; wp-settings-time-1=1301082096 [REMOTE_ADDR] => [SERVER_PROTOCOL

    Can you tell from this why the plugin does not work? Without fixing this problem my website does not work, because some pages contain sensitive information that is not meant for the general public.

    Thank you so much.

  30. Michelle siger:


    I have been looking for a plug in that protects a directory page. Can you tell me if this works for the latest version of wordpress? The password box just keeps looping around and can’t get it to work.

    Thank you

  31. Kim siger:

    Hej Morten.

    Jeg har et problem med dit plugin, som jeg håber du kan hjælpe mig med..

    Når jeg aktivere dit plugin, og så skal ind på den side som er protected, så selvom jeg indtaster det rigtige brugernavn/password, så bliver den ved med at spørge om det igen, og igen, og igen…

    Er der en bug til dette?

  32. Kim siger:

    Hej Morten.

    Jeg fandt dette et sted.. Kan det hjælpe dig med at få pluginet til at virke med CGI?

    Regarding HTTP authentication in IIS with the php cgi 4.3.4, there’s one more step. I searched mightily and didn’t find this information anywhere else, so here goes. When using HTTP auth with the php CGI, you need to do the following things:

    1. In your php.ini file, set “cgi.rfc2616_headers = 0”

    2. In Web Site Properties -> File/Directory Security -> Anonymous Access dialog box, check the “Anonymous access” checkbox and uncheck any other checkboxes (i.e. uncheck “Basic authentication,” “Integrated Windows authentication,” and “Digest” if it’s enabled.) Click OK.

    3. In “Custom Errors”, select the range of “401;1” through “401;5” and click the “Set to Default” button.

    It’s this last step that is crucial, yet not documented anywhere. If you don’t, instead of the headers asking for credentials, IIS will return its own fancy but useless ‘you are not authenticated’ page. But if you do, then the browser will properly ask for credentials, and supply them in the $_SERVER[‘PHP_AUTH_*’] elements.

    • Hej Kim,

      Tak for det, men det er ikke noget jeg kan bruge direkte, det er for dem der kører WP på en Windows-server, og som har adgang til de nævnte indstillinger – det er desværre formentlig de færreste…

      • Kim siger:

        På det nedestående link, har jeg fundet en masse omkring PHP / CGI – Dog er jeg ikke så fantastisk god til php, så håber dette kan hjælpe dig med at få det til at virke med CGI 😀

  33. Kim siger:

    Eller måske dette link kan hjælpe.. 😀

    Du kan godt høre at jeg meget godt kunne tænke mig at det kom til at virke selv om det er i CGI mode

  34. Kim siger:

    For everybody there are using CGI

    You can modify the script a little, and then it works..

    See the link below, and follow that. Then it works in CGI mode..

  35. Corky Seevinck siger:

    I love this plugin. I have a question about an inconsistency that I see please. When I create a page (protected) with a parent page that is a wp e-commerce products page, the login/password does not display – it just goes to my page. However, when the parent page is an ordinary page, the login/password displays fine?
    Any ideas?

  36. Q siger:

    Hi, great plugin, was just what I was looking for.

    Is it possible that when you press cancel to forward to the homepage instead of the showing the ‘this page is protected’ text?

    Any help would be appreciated in achieving this.

  37. Pavan siger:

    Is it possible to apply multiple sets of login / password using this plugin?


  38. Paul siger:

    Hi Morten
    Your plugin works well
    I wonder, is there an enhancement to set (limit) the duration of the cookie ? It now has an perpetual duration (except form cooky cleaning of the browser) but can a limit the access in days, hours or seconds please
    Best Regards


  39. Hermann siger:

    How can the user log out?


  40. Jordi siger:

    Does this plug in run propperly under WP 3.6 on 1and1 servers?. I am asking this question because I am trying to do a web with protected pages and all the time I protect a page, the user and password is requested everytime and it is not possible to enter at the protected page. After writting the user and password correctly, immediately appears the same window asking for user and password.

    So for this reason I am asking if it works 100% on WP 3.6.

    Best regards,

  41. Chris siger:

    Hi !

    This plugin worked for me from version wp3.2 to 3.3 , however upon upgrading to the new version of wordpress, the password protection for a page became inconsistent. Sometimes it shows up, other times the page just remains unprotected. Help. Thank you.