Everyone has to enter the password to access any pages on your website by default. It increases security, but may also cause some inconvenience. So our plugin provides some ways to bypass this kind of protection in some necessary cases.
Requirements:
- Password Protect WordPress Lite version 1.2.3.1 or greater
- Password Protect WordPress Pro version 1.2.1 or greater
Bypass the whole WordPress site
The following methods allow your users to bypass the password protection of the whole site. That means your users can access any page on your site directly without having to enter passwords.
Whitelist specific user roles
The first and fastest way is to grant access permission based on user roles. By default, your private site is always visible to admin users. If you want other user roles to be able to access your site directly too, navigate to the “General” tab under the plugin’s settings page and select the roles from the “Whitelisted Roles” dropdown list.
Generate sitewide quick access links
Requirement: Password Suite addon on top of PPWP Pro
Instead of sending your visitors a valid password and your site URL, you can send them a single link only. These access links allow your visitors to directly access your private site without being prompted for a password. This feature also comes in handy if you want to grant access to some specific users.
You need to extend sitewide password feature in order to generate sitewide Quick Access Links (QAL).
Whitelist specific IP addresses
Another way is to whitelist your users’ IP addresses. Those coming from whitelisted IP addresses can access your protected content directly without entering passwords.
To use this feature, simply add the following code snippet to your (child) theme’s functions.php file.
add_filter(
'ppwp_sitewide_has_bypass',
function ( $allowed ) {
if ( $allowed ) {
return $allowed;
}
// Add specific or wildcard IPv4 addresses here
$whitelist_ips = [ '127.0.0.1', '116.103.18.*' ];
if ( ! empty( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ) {
$current_ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
} elseif ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
$current_ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
$current_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$current_ip = $_SERVER['REMOTE_ADDR'];
}
if ( in_array( $current_ip, $whitelist_ips ) ) {
return true;
}
foreach ( $whitelist_ips as $whitelist_ip ) {
$ips = explode( '.', $whitelist_ip );
if ( count( $ips ) === 4 ) {
$every = '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])';
$ips = array_map( function ( $element ) use ( $every ) {
if ( $element === '*' ) {
return $every;
}
return $element;
}, $ips );
$ip_pattern = '/\b(?:' . $ips[0] . '\.' . $ips[1] . '\.' . $ips[2] . '\.' . $ips[3] . ')\b/';
if ( preg_match( $ip_pattern, $current_ip ) ) {
return true;
}
}
}
return false;
}
);
Bypass sitewide protection partially
The following methods allow your users to bypass the password protection of some pages but not the whole site. In other words, while users can access certain content directly without being asked for a valid password, the rest of your site is still kept private.
Exclude specific pages
This feature becomes useful when you need to show a notification to visitors, e.g, the date your website will be published, the reason why the rest of your website is protected, or how to get the password.
You can exclude the individual pages as well as your “Homepage”, e.g. https://passwordprotectwp.com/, from the sitewide protection.
Please note that this option allows you to exclude pages & posts by default. If you want to exclude a custom post type, you should add this post type to Post Type Protection option first.
Exclude all pages under a post type
Since PPWP Pro version 1.2.1, you can exclude all pages, posts, or custom post types at once by defining our custom constant in your wp-config.php file.
The sample code below allows your visitors to access all your pages and product pages without entering passwords.
define('PPWP_PRO_SITEWIDE_POST_TYPE_EXCLUDES', array('page', 'product'));
Use quick access links of individual pages
A disadvantage of the exclusion method is that all users can access your excluded pages. If you want to grant access to some specific users, you need to use quick access links. Only users who have the links can access your site.
To do so, please follow the steps below:
Step 1: Go to the page you want to grant access and get its quick access link.
Step 2: Navigate to Password Protect WordPress >> Misc tab and enable “Bypass Sitewide Protection Partially” option.
Requirement: Password Suite addon on top of PPWP Pro
