Extend Sitewide Protection Features

Password Protect WordPress (PPWP) makes it super easy for you to password protect the whole site with just one click. By enabling sitewide protection, you can restrict access to your private site. Your visitors are required to enter passwords to see your protected content.

Password Suite extension extends PPWP Pro’s functionality by allowing you to restrict sitewide password usage as well as bypassing password protection via quick access links.

In this article, we’ll walk you through the following sections:

Requirements:

How to extend the sitewide protection feature

In order to restrict password usage as well as creating bypass URLs, you need to migrate all PPWP Pro sitewide passwords to its Password Suite extension.

To do so, navigate to Password Protect WordPress >> Sitewide Protection submenu from your admin dashboard. Then click on “Upgrade Now” button.

Please note that this migration process occurs once and can’t be reversed. After successful password migration, you can manage all sitewide passwords under a new table.

As a consequence, when you deactivate Password Suite extension, you might see an empty password field as image below.

Currently, we haven’t handled the hashed password created by PPWP Free version. So if you’re using a hashed password, please click “Save Changes” button to remove it and then generate a new one with Password Suite.

Restrict sitewide password usage

You can restrict password usage while creating a new password or editing existing passwords.

  1. Usage Limit: the maximum number of times a password is used. The default value is unlimited usage.
    • Let’s say the usage limit is set to 1. If a user enters that password to unlock your site, the others can’t use it anymore. They will see the “incorrect password” message instead.
    • This feature proves useful to prevent users from sharing your passwords without your permission.
  2. Password Expiry: make your password auto-expire after a period of time. In other words, users won’t be able to use that password to access your private site after a given period of time.

When creating a new password, you will be prompted to fill other pieces of information as below:

  1. New Password: unique, no space, case-sensitive, and limited to 100 characters
  2. Label: give extra information for your password, e.g. what it is used for
  3. Redirect URL: define where users will be redirected once entering the password
  4. (Password) Type:
    • Global (default): anyone with the password can unlock your private site.
    • Roles: only specific user roles are able to use the password to access your site.
      • Let’s say you set a password with type Role (editor)
        • Only editors can use this password to unlock your protected site.
        • Other roles, e.g. subscribers, will receive an error message when entering it into the password form.

Bypass sitewide protection

Instead of asking users to enter the password to access your private site, you can grant them direct access via a “quick access link”.

Simply click on “Copy access link” button to generate and copy the quick access link.

It’s worth noting that:

  • An access link is associated with one password by default. That means when you edit/ deactivate/ activate/ delete a password, you’re editing/ deactivating/ activating/ deleting the corresponding access link.
    • You need to create at least one sitewide password in order to generate a quick access link.
    • You can automatically expire the quick access links after a number of days or clicks (usage) just like what you can do with passwords.
  • When users access your private site via a quick access link, our plugin will save the password as a cookie to their browser at the same time. So they can re-visit your site multiple times without proving a password until the cookie expires.
    • You can modify the cookie expiration time under our plugin’s settings page.
    • If users re-access the site via the quick access link, a new cookie will be generated and override the existing one.
  • To avoid increasing the number of password usage every time users reload the private site, the access token will be removed from the page URL once users access the site successfully. This practice might affect your campaign tracking.
  • To get more information about who has used specific quick access links, please get our PPWP Statistics extension.
  • Bypass sitewide protection feature is available with Password Suite only. So if you deactivate it, all quick access links will not work anymore.
Lasted updated on September 8, 2020