Navigate to Password Protect WordPress >> General tab from your admin dashboard and configure some common setting options.


These options below are only available on PPWP Pro unless otherwise specified.

(1) Post Type Protection

This option allows you to password protect not only WordPress pages and posts but also other custom post types, such as “Products” created by WooCommerce plugin. Default: Pages & Posts.

* PPWP Lite/Free supports Pages and Posts protection only.

(2) Cookie Expiration Time

This option determines how long your visitors can access the protected content without having to re-enter the password.

  • Default: 7 days
  • Maximum value: 365 days

By default, if users don’t reload/refresh the page, they will still be able to access protected content even after the cookie has expired.

Session cookies

If you want your users to be logged out right after closing their browser, use session cookies instead. To do so, add ?ppws=1 to the page URL.

For example, when users enter a password to unlock this page, they can keep their access (without re-entering the password) until the browser is closed. When opening the browser again, they will be asked to provide a password.

This feature will work with the following password types:

For PPWP Pro version, you can implement session cookies automatically by adding the following code snippet to your (child) theme’s functions.php file.

* Applicable to passwords of individual content generated by PPWP Pro, including master passwords and category passwords.

add_filter( 'ppwp_cookie_expiry', function() { return 0; });

* Applicable to sitewide passwords created by PPWP Pro & PPWP Suite.

add_filter( 'ppwp_sitewide_cookie_expiration', function() { return 0; });

Limitation: Session cookies will not work if users enable the “Restore previous session” or “Continue where you left off” option in their browsers. These options can make the session cookies never expire.

Note: For Safari, clicking the x button to close the browser’s windows just gets them suspended. As a result, our session cookies will still exist.

To actually close the browser and stop session cookies, please press CMD + Q or right-click on the browser’s icon and click on “Quit”.

(3) Whitelisted Roles

Allow specific user roles to access your private content without entering passwords. User role options include:

  • Admin users (default)
  • The post’s author
  • Logged-in users
  • Custom roles: select multiple user roles at once
  • No one: everyone including admins has to enter a password to access your protected content

(4) Password Protect Child Pages

Enable this option to protect all your child pages when their parent page is protected. This allows you to set the same password to protect multiple pages at the same time. Default: OFF

(5) Password Protect Private Pages

Allow you to use one password to protect multiple pages and posts at the same time instead of password protecting them individually.

(6) Wildcard Passwords

This option lets you use wildcard passwords to unlock the protected content. Once enabled, you will be able to create new passwords with the “Wildcard” type.

Instead of creating numerous passwords with a similar format, you can create one wildcard password, e.g. (*) Then you users can unlock the content as long as they input an email password that contains the domain.

If the “Wildcard passwords” option is disabled, all wildcard passwords will become “inactive”.

    • That means no one can use wildcard passwords to unlock the content.
    • In addition, people who have used wildcard passwords will see the password form again, no matter if their cookies expire.

(7) Protected Content Visibility

This option enables you to control your protected content’s visibility. You can hide the content’s title and password form in different views, such as the home page, categories page or search results page. Default: OFF

* PPWP Lite/ supports Pages and Posts option only.


Our PPWP Pro lets you customize our password form, including headline, description, error message or button text via WordPress Customizer.

Below are the default messages of PPWP single password form.

(1) Form Message

Enable you to customize the message above the password field that best describes your private content and website theme.

Below is a default password form.

(2) Error Message

Allow you to customize the error message which displays when users enter wrong passwords.


(1) Block Search Indexing

Prevent your protected content from being indexed by Google and other search engines. Default: ON

This feature helps stop Google and other search engines from indexing your password-protected content. In other words, once a page or post is password protected, our plugin will add a noindex meta tag to its header so that your protected content won’t be crawled and listed on search results anymore. This option is enabled by default.

In case you password protect your entire site, all your content will NOT be indexed whether they’re protected or not. Unprotected pages excluded from the entire site protection will still be indexed though.

(2) Remove Data Upon Uninstall

Enable this option to remove all password and license information on your website once you uninstall the plugin. Default: OFF

Our Free and Pro version stores password information in different places on your database. If you want to completely remove our plugin’s data, you should enable the option, then remove the Pro first before the Free version.

Lasted updated on August 23, 2021