Password Protect Entire WordPress Site

If you’re building up content for your new website and feel like it’s not ready to publish yet, you might want to password protect the whole site. It means that visitors are required to enter a password whenever visiting any pages on your website. Once they input the right one, they can access every page without restriction.

In this article, we will walk you through some simple steps on how to achieve that with the Password Protect WordPress (PPWP) plugin.

For PPWP Pro version 1.1.1 and greater

# How to password protect the entire site

Step 1: Go to PPWP Settings Page and switch to “Entire Site” tab.

Step 2: Turn “Password Protect Entire Site” ON, you will see a textarea for setting multiple passwords at the same time.

After saving the passwords, go to any page on your website and you will see a password form like below:

Please note that each password is limited to 100 characters and contains no space. And blank lines will be removed automatically.

# How to edit or delete passwords

Unlike previous versions, the site-wide protected password is no longer hashed. It means that all created password will be visible to you, or those authorized to access the settings page, such as Administrator. To change or delete the passwords, go back to our plugin settings page and simply update them under textarea. Don’t forget to save all your changes.

As a result, those who have access to your website via the previous password have to re-enter the password again.

But even if you do not change the password, visitors only access your site until cookies expire, which is set up under Cookies Expiration Time option.

# How to bypass site-wide protection

Everyone has to enter the password to access any pages on your website by default. It increases security, but may also cause some inconvenience. So our plugin provides some ways to bypass this kind of protection in some necessary cases.

(1) Whitelist specific roles

For example, if you are Administrator, you should be able to access your private content directly without entering password. To do that, navigate to “General” tab under PPWP settings page and select “Admin users” for Whitelisted Roles option.

(2) Exclude specific pages

It will become useful if you need to show a notification to visitors, for example, a date that your website will be published, or the reason why the rest of website are protected and how to get the password.

You can select the single pages as well as your “Homepage”, or the main site, e.g. https://passwordprotectwp.com/.

Even though the site-wide protection feature is available in both Free and Pro versions, you have to upgrade to PPWP Pro to exclude any pages from it.

For PPWP Lite & PPWP Pro version 1.1.0.1 and lower

Step 1: Navigate to PPWP Settings Page and switch to “Entire Site” tab

Step 2: Enable the “Password Protect Entire Site” option and set a password, then click “Save Changes”.

# Hashed password

Because the password will be hashed after you click on “Save changes” button, you should save it somewhere manually to avoid forgetting it. There will be no way to help you recover your old password in this case except creating another one.

# Migrate site-wide protected password

If you upgrate from Free to Pro version, our plugin will migrate the hashed password automatically. Site-wide protection is kept and people who have entered password will be able to access your site until the cookie expires.

Lasted updated on September 22, 2019