How Password Protect WordPress Pro works?

How Password Protect WordPress works?

  • A page/post is considered “password protected” when you
    • Change Visibility (Edit Page) to Password protected – the default WordPress feature
    • Password protect by roles: set a password for a role when editing a page or post
    • Click on “Password protect this page” button
    • Its parent page or category is protected

  • We automatically generate a random password when protecting a page if there is no password created for that page yet
    • Deleting or deactivating all password of a particular page doesn’t “unprotect” that page. You have to unprotect the page manually.
    • Unprotecting a page doesn’t remove all its passwords. They will reappear when protecting that page again.


  • Passwords must be unique within a protected post
    • You cannot create the same password across different password types, e.g. Global and Role, for a particular post
    • You cannot edit existing password
    • Please note that while you can use spaces when using WordPress default password protected feature (on Classic Editor) – which is a bug, you cannot do so with our plugin.

  • One password may be set to multiple users roles and one role can have multiple passwords.
  • You can create the same passwords across different posts. You can quickly do so under our plugin’s settings. The password is called “Global (shared)”.
  • When a password is entered correctly, the users won’t have to enter it again.
  • You have to re-enter the password when:
    • The password is changed, deleted or deactivated
    • The password’s cookies expire whose expiration time can be set under our settings
  • While a random password is auto-generated when you protect a post, removing all passwords doesn’t make that post become unprotected
  • The password used to protect the entire site is encrypted

Lasted updated on June 20, 2019