Password Protect Entire WordPress Site

If you’re building up content for your new website and feel like it’s not ready to publish yet, you might want to password protect the whole site. It means that visitors are required to enter a password whenever visiting any pages on your website. Once they input the right one, they can access every page without restriction.

In this article, we will walk you through some simple steps on how to achieve that with the Password Protect WordPress (PPWP) Pro plugin.

Requirements:

Password protect the entire site

Step 1: Navigate to Password Protect WordPress >> Sitewide Protection submenu from your admin dashboard.

Step 2: Turn “Password Protect Entire Site” ON, you will see a text area allowing you to input multiple passwords at the same time.

  • Each password is spaceless and limited to 100 characters.
  • Blank lines will be removed automatically.

After saving the passwords, go to any page on your website and you will see a password form as the image below:

Create new passwords

Unlike previous versions, the sitewide protected password is no longer hashed. It means that all created password will be visible to you, or those authorized to access the settings page, such as Administrators.

To change or delete the passwords, go back to the plugin’s settings page and simply update them under the text area. Don’t forget to save all your changes.

As a result, those who have access to your website via the previous password have to re-enter the password again.

In case you don’t change the password, visitors will be able to access your site until cookies expire. The default expiration time is 7 days and can be modified under Cookies Expiration Time option.

Bypass password sitewide protection

You can bypass password sitewide protection by either generating access links, excluding specific pages or whitelisting specific roles.

Redirect users after login

Since Pro version 1.1.4, you can define where users are redirected after unlocking your sitewide protection.

Users will be redirected to specific URLs, e.g. pricing page or features page, according to the entered password.

Display sitewide login form in the sidebar

PPWP Pro version 1.2.0 comes with a simple shortcode allowing you to display sitewide login form in any location on your site.

[ppwp_sitewide]

You can use it to show password form in sidebar widgets, Gutenberg blocks, or page builder plugins’ elements.

Customize sitewide login form

Our plugin allows you to customize the default password form quickly and easily using WordPress Customizer. You can add a headline, edit the description, change the default logo, and more with live updates.

Show custom landing page instead of password form

If you want to design the sitewide login page using a page builder, please follow the steps below:

  1. Create a landing page using the page builder and display our sitewide login form using [ppwp_sitewide] shortcode
  2. Exclude the page from sitewide protection
  3. Redirect users to your landing page if they haven’t entered any passwords by adding the following code snippet to your (child) theme’s functions.php file
add_action(
	'ppwp_before_show_sidewide_form',
	function () {
		$page_id= 1380; /*your-landing-page-ID*/
		$page_url = get_permalink($page_id);
		$settings_service    = new PPW_Pro_Settings_Services();
		$settings_service->is_exclude_page($page_id);
		wp_redirect($page_url);
		exit();
	}
);

You can get the ID of your landing page by hovering over its title.

Redirect users to homepage when re-accessing the custom landing page

To redirect users with active cookies to your homepage when they re-access your custom landing page URL, simply add the following code snippet to your (child) theme’s functions.php file:

add_action(
   'ppwp_sitewide_handle_before_valid_password',
   function ( $passwords ) {
      if ( 'GET' !== $_SERVER['REQUEST_METHOD'] ) {
         return;
      }
      if ( ! is_singular() ) {
         return;
      }
      $post_id        = get_the_ID();
 
 /*replace 33 with your central login page ID
   replace 'https://passwordprotectwp.com/' with your desired page or homepage */
      $redirect_pages = [  
         33 => 'https://passwordprotectwp.com/',
      ];
      if ( ! isset( $redirect_pages[ $post_id ] ) ) {
         return;
      }
      $password_services = new PPW_Pro_Password_Services();
      $validated         = $password_services->is_valid_entire_site_cookie( $passwords );
      if ( $validated ) {
         wp_redirect( $redirect_pages[ $post_id ] );
         exit;
      }
   }
);

 

In case you want to grant logged-in users access to your protected site by default, simply whitelist them.

For PPWP Lite & PPWP Pro version 1.1.0.1 and lower

Step 1: Navigate to Password Protect WordPress >> Sitewide Protection submenu from your admin dashboard.

Step 2: Enable the “Password Protect Entire Site” option and set a password, then click “Save Changes”.

Hashed password

Because the password will be hashed after you click on “Save changes” button, you should save it somewhere manually to avoid forgetting it. There will be no way to help you recover your old password in this case except creating another one.

Migrate sitewide protected passwords

If you upgrade from Free to Pro version, our plugin will migrate the hashed password automatically. Sitewide protection is kept and people who have entered password will be able to access your site until the cookie expires.

Compatibility with other plugins

PPWP uses WordPress “template_redirect” hook to render the password login form. So this might cause potential conflict with other plugins on your site that are using this hook too. You should know the priority of each plugin to understand how they work together.

For example, if you use PPWP and Protect WordPress Pages and Posts (PPP) plugins at the same time, the PPP will have priority over the PPWP.

In other words, when a user accesses a page protected by both plugins, PPP will firstly check if this user has permission to see the content. If not, the user will be redirected to a “No Access” page immediately and PPWP will take no role in this case.

On the other hand, if the user is granted permission to access the content, PPWP will receive PPP’s result and check whether the user has to enter the password. If yes, it will show the user a password form.

Lasted updated on September 6, 2021