Known Issues and Limitations


  • Super Admins always see hidden content under PPWP shortcode regardless of selected whitelisted roles.
  • Category protection are not exclusive: Protect parent category doesn’t protect posts under sub-categories.
  • Error messages will display under all password fields in Homepage once entering wrong passwords.
  • Content selection fields under the Settings Page can be empty in some cases especially when selected content is moved to trash or deleted.

Below is the list of issues and limitations of Password Protect WordPress (PPWP) and its extensions. Those conflicts within our control will be fixed in the upcoming plugin releases.

Password Protect WordPress

  • PPWP Free stores passwords in the postmeta table. So it might take time to check passwords and unlock content if you have thousands of passwords.
    • If it takes too long to see protected content after entering the password, you might consider upgrading to our Pro version which stores passwords in a separate table in the database.
  • Quick Access Links containing the plus sign (+) will not work.
  • Redirect users to the homepage after entering the right passwords if Plain Permalink is chosen.
  • The theme you’re using will decide whether users are able to unlock the protected content section (partial content protection) directly on the homepage, category page, and other archive pages.

Incompatible plugins

Temporary solution: Add the following code snippet to your (child) theme’s functions.php file.

add_action( 'ppw_restrict_content_before_check_password', 'ppw_remove_wc_cart_session' );
function ppw_remove_wc_cart_session() {
 if ( ( function_exists( 'is_cart' ) && is_cart() )
 || ( function_exists( 'is_checkout' ) && is_checkout() ) ) {
 remove_filter( 'nonce_user_logged_out', array( WC()->session, 'nonce_user_logged_out' ) );

add_filter( 'ppw_shortcode_before_render_password_form', 'ppw_revert_wc_cart_session' );
function ppw_revert_wc_cart_session( $value ) {
 if ( ( function_exists( 'is_cart' ) && is_cart() )
 || ( function_exists( 'is_checkout' ) && is_checkout() ) ) {
 add_filter( 'nonce_user_logged_out', array( WC()->session, 'nonce_user_logged_out' ) );

 return $value;
  • WPML scrip files might cause our settings page not to load properly. As a result, you can’t modify or save the setting options.

Temporary solution: Add the following code snippet to your (child) theme’s functions.php file.

add_filter( 'ppwp_general_setting_loading_method', '__return_false' );

This plugin uses Soap Client to request system status checking. If you use our plugin to protect your entire site, when SOAP Client checks the system status, it won’t recognize your site as an active one.

As a result, when non-logged-in users make payment via TWINT, they’ll receive an “Unauthorised User” error message on the checkout page.

Temporary solution: Exclude the Homepage from sitewide protection to bypass the request from the SOAP Client.

  • Minify the HTML Output feature of SG Optimizer plugin might prevent users from accessing protected PFD files or downloading EXE files with the following error messages:
    • The PDFs show ‘Failed to load PDF document’. 
    • The EXE files show “Failed – Network error”.
  • Since the EventChamp theme uses its own built-in function to display the password form, not the WordPress’ one, our password protection doesn’t work by default. They don’t provide any hook for us to modify this default behavior either.

Temporary solution: Use WordPress built-in function to show the password form instead of using the theme’s one.


if( post_password_required() ) {
  if( function_exists( 'eventchamp_password_protected_box' ) ) {
    echo eventchamp_password_protected_box();


if( post_password_required() ) {
  if( function_exists( 'get_the_password_form' ) ) {
	echo get_the_password_form();

in page.php and single.php files.

  • Protect part of content shortcode doesn’t work if the protected content includes the Shared Files shortcode.
  • If you’re using the Affiliate Butler Pro plugin’s feature together with ours, a new tab will open automatically when you click on the password field.
  • Unable to access the editor page of some page builders if “Password Protect Entire Site” is enabled.
  • When you set session cookies using WordPress built-in hookpost_password_expires, our sitewide protection cannot be unlocked even with the correct passwords. Please use our session cookies code snippet instead.
  • Unable to display all roles under Password Protect WordPress section in Gutenberg Editor.
  • Conflict with GoDaddy firewall & Sucuri CDN caching: How to make PPWP plugin work with Sucuri Firewall caching.

Resolved issues

  • Show fatal error when upgrading to PHP 8.0 (resolved in version 1.7.5)
  • ppwp shortcode doesn’t work with IE11 (resolved in version 1.5.0)
  • Conflict with WPS Hide Login plugin (resolved in version
  • Unable to edit Master Passwords if Plain Permalink is chosen (resolved in version 1.1.4)
  • Conflict with Beaver Builder: Error message displays under 404 page (resolved in version 1.1.3)
  • Plugin’s popup and metabox don’t work with Plain Permalink (resolved in version 1.1.2)
  • “Whitelist Roles” doesn’t work with “Password Protect Entire Site (resolved in version 1.1.1)
    • Post’s author, if selected, will be able to access their own posts even when the entire site is protected
  • The post reverts the protection status after clicking the Update button on the editor page (resolved in version 1.1.1)
  • Can’t use build-in WordPress function to password protect custom post types (resolved in version 1.1.1)
  • Prevent Direct Access (PDA) Gold Integration
    Protected videos/audios (MP3, MP4) embedded in the content might not work smoothly (resolved in Pro version 1.1.6 & PDA Gold 3.1.3)

PPWP WooCommerce Integration

  • Quick access links of product pages don’t work if activating this plugin (resolved in Pro version 1.3.0)


Our plugin redirect doesn’t work properly when your server referrer-policy is set to “no-referrer”. That means upon entering correct passwords, users will not be redirected back to the protected content. Instead, they will see the login page.

If clicking on the browser’s back button, users will be able to see the content though. We recommend changing the policy “no-referrer-when-downgrade”, which is secure enough, and at the same time, improve compatibility with other plugins like ours.

We’ve since resolved this limitation by adding a “callback_url” parameter for the “no-referrer” policy since PPWP Free version 1.4.3 and Pro version 1.2.1.

Lasted updated on August 1, 2021