The Wordpress Password Plugin

NOTE: There’s a newer version of this plugin than this page contains. See Wordpress Password 0.6.1.

The other day I got asked if there was a way to password protect a WP blog where the author didn’t have access to .htaccess, didn’t want to create users, send/remind them of their passwords, or manage post security levels. “I just wanna password protect the damn thing. Is that so hard?” Well, at the time, yes. It was. But not anymore!

It took me a couple days to perfect, but here’s my second Wordpress plugin.

Download the Wordpress Password plugin (version 0.4.7): 9kb

When you add the plugin to Wordpress 2.0 or later, it’ll create a new Options sub-menu called Wordpress Password where you can assign a site-wide password to all your Wordpress generated posts and pages, and exclude certain pages from that requirement as well.

More about how it works:

When the plugin is inactive, or active but a password has not been set, no password is required.
The password gets reset automatically when the plugin is activated.
Your WP-Admin Administrator password is still required to reach your WP Admin. This WP-Password plugin just adds an extra layer of password requirement before you can reach WP-admin (remember, it affects ALL WP powered pages).
When you log in, a session-length cookie is set in your browser that signals the plugin to let you pass
If you don’t already have the cookie and aren’t on a page Excluded from the password, you’re shown a login form
If you close your browser and come back, you have to re-login

Forgot Your Password?

FTP into your plugins/wp-password folder
Delete wp-password.php
Log in to your wp admin, view the plugins page
(notice Wordpress Password is missing now)
Re-upload wp-password.php
Re-activate the Wordpress Password plugin.
Activating it resets the password.
Visit Options|Wordpress Password and set a new password.

Version History

0.4.7 2008-01-25 – Fixed a bug introduced in 0.4
- Added “alias” method of working on blogs where the url isn’t the same as the WP url (.htaccess hacks, etc)
- Fixed the case where the site was on “/” and previous versions would strip”/” from the url to check and break (that was a rather stupid bug, no?)
0.4 2008-01-09 – Fixed use for sites not on port 80
- Changed redirection code from header to javascript
- Fixed use for sites aliasing the blog directory
0.3 2007-02-24 – Added Logout and Include/Exclude features per request.
- Logout option: visit any WP powered url of your site with this value pair in the querystring: wp-password-logout=true
  e.g. http://mysite.com/myWPpage/?wp-password-logout=true
  The logout function clears any cookie password value saved and then refreshes the browser. Links to log out can created as: <a href=”?wp-password-logout=true”>>Log out</a>
- Include/Exclude feature: Added the choice to either Exclude certain urls from password protection (past and default mode) or Include certain urls (excluding all others). This is controlled by the Exclude/Include radiobutton in the admin page.
0.2 2007-02-02 – Bug Fixes.
- Excluded items weren’t forced to match beginning of urls, so it was possible to see protected urls by adding a querystring that included an excluded url. Bad.
- Some special regex characters weren’t properly escaped when evaluating exclusions ( . ? etc)
- Added wp-password-debug=1 querystring option for troubleshooting what’s happening on a page. Ruins redirects, but useful.
- Added checking for the ‘www.’ or ” prefix before a domain name (i.e. http://www.broome.us vs http://broome.us).
0.1 2007-01-31 – Initial (public) release.

If you have any questions, ideas, comments, suggestions, praise or rants about the stupidity of passwords on blogs… comment below

This entry was posted on 1/31/2007, 6:42 pm and is filed under Code, web. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

Related Posts
Trackbacks (27)
Comments (294)

#1 written by hardimORG
3/3/2009 - 11:07 pm

Quote

work very well. but can i set different password for every member?
#2 written by atul shevade
3/5/2009 - 4:22 pm

Quote

your password protection plugin is pretty cool …it works. Amazing that one would think that something like this would be easy and available freely … but its next to impossibe to find something like that.

one suggestion: It would be cool if i could send a link to someone I wanted to come and see my blog with the password embedded in the link…
#3 written by Huy Nguyen
3/14/2009 - 2:29 pm

Quote

Do you have a version or plan on making a version that works with WP 2.7.1
#4 written by Sarah
3/15/2009 - 10:08 pm

Quote

Thanks so much for the plugin. It’s exactly what I needed for a client project, and I didn’t want to have to mess with htaccess.
#5 written by elba
3/16/2009 - 4:03 am

Quote

Great plugin. Would be better with a little CSS that users can edit to match the blogs’ main colors…
#6 written by Eve
3/19/2009 - 8:33 am

Quote

Thank you very much!! This plugin is just what I have been looking all over the internet for and it works perfectly, even with the newest version of wordpress (2.7.1.).
#7 written by PatD
3/29/2009 - 10:44 am

Quote

Hi
I’m running a test blog using WP 2.7.1.

WP Password version 0.4.7 loaded successfully.

I’ve set the password and excluded the relevent urls.

When I log out and try to access the site nothing happens.

I can access all the urls that I’ve password protected with WP Password version 0.4.7.

I want to prevent people accessing a particular category and several sub-categories on my site.

Can anyone help me get this plugin to work?

Many thanks in antcipation of your help.

Kind Regards

PatD
#8 written by JB
3/30/2009 - 10:52 am

Quote

Hi PatD. The plugin creates a session cookie in your browser that may still be hanging around. Try closing all instances of your browser then re-opening one to see if it’s really working.
#9 written by drew
4/9/2009 - 3:36 pm

Quote

thank you for such an awesome plugin…
but, when we select an included page from the menu, the password screen arrives, then redirects us back to the index page. But now the session variable is set and the user is allowed into the “included” content area. any help would be greatly appreciated.
#10 written by Emal
4/29/2009 - 2:13 pm

Quote

Thank you SO MUCH !

I’ve been looking for something like this for ages, I had so much trouble understanding htaccess (never managed to make it work).

Good job !
#11 written by Alan
5/10/2009 - 3:25 pm

Quote

Antony — thanks for that quick and dirty fix! Totally worked. (Using wp 2.7.1 with the (awesome) atahualpa theme.)
#12 written by Susan
5/13/2009 - 10:56 am

Quote

When I use the plugin, I want visitors to land on a certain page on my site, but it just goes to domain.com/login.php

How can I change that so it goes to a content page and not the error page that says, “Sorry, no posts matched your criteria,” ?
#13 written by Zutgorak
5/14/2009 - 3:57 pm

Quote

Plugin works great for posts, but i seem to be having some problems
using WP 2.7.1’s function for media. It crunches the image in question
and then it wants a password again. I enter password and i get “are you sure you want to do this” and a “please try again” if pressing that, it loops.

what am I missing?
#14 written by Beth
6/19/2009 - 4:01 pm

Quote

I’m hoping your plugin will work for what I need. I want to protect the downloaded files on the site. I loaded your plugin and chose include for the list mode and then just put /wp-content/uploads* for the URL matching hoping this would require the password to access any of the pdfs we have on the site. No such luck – everything opens without a password. Any suggestions? Thanks!
#15 written by JB
6/19/2009 - 4:48 pm

Quote

Sorry Beth, that’s not going to be something this plugin can do… This plugin only affects Wordpress pages. A PDF (or .doc, or .gif, etc) in a WordPress directory will be unaffected.

I think what you’re looking for is .htaccess You can get similar functionality as far as protection goes, and it can affect all files. The tradeoff is that it’s a bit harder to manage. Check out this site for more information: http://www.widexl.com/tutorials/htaccess.html
#16 written by Collin Kelly
6/29/2009 - 1:51 pm

Quote

So I’ve installed this plugin. The idea is brilliant… however I’m having trouble with it redirecting to the root from where the original blog is installed.

I don’t have an alias redirect going on, so I’m wondering if it’s the plugin that’s redirecting or if it’s the way that Network Solutions is handling the redirects. VERY curious if anyone else (including the author) has encountered this issue.
#17 written by JB
6/29/2009 - 9:36 pm

Quote

Hi Collin,

You can use the debug parameter (documented somewhere in this thread, or the readme…) to watch what happens and see if it’s the plugin forcing the redirect. Instead of actually redirecting, it’ll just tell you that it intends to. That might help track down the source of the problem.
#18 written by Christine
7/8/2009 - 6:24 pm

Quote

For some reason, my login page lost its styles. It is referencing the most recent version of wp-admin.css in the wp-admin folder, however only parts of the page are getting the styles. Was there something with the upgrade to WP 2.8 and the plugin that would cause this to happen? Any advice would be appreciated.
#19 written by Christine
7/8/2009 - 7:34 pm

Quote

PROBLEM ABOVE SOLVED
The blog was upgraded to 2.8 from a very old version of WP, so styles/images were no longer existing. I grabed the css and images from an old version of WP and just referenced them in the plugin files. All is working fine now.
#20 written by Jan
7/20/2009 - 9:34 am

Quote

I first tried the 0.4 release on the WP plugins page. I use WP 2.8.1. But it didn’t work.
Then I went to this plugin homepage and used the latest version 0.4.7 and now it works.

2 suggestions:
-please update the WP plugin page with this new version
-the login page is not in the same “style” as WP2.8 I think it has to do with the fact you copied and modified the original wp-login.php of an old WP version. This way of working is not very future proof. You should try to keep your modifications seperate from the original file.

Just my 2 cents
#21 written by Jan
7/20/2009 - 1:57 pm

Quote

I modified your plugin so password will be checked case-insensitive. Maybe you could add it and add an extra option if you want this or not.

Can someone confirm that WP password plugin works including the original look and feel of the login page with WP 2.8.1

I uploaded the login page shown when using WP password plugin and when deactivited (standard/original login):
http://i29.tinypic.com/2z4ycky.png
http://i29.tinypic.com/261l1xk.png

It’s possible to use this plugin with “BM custom login” so I can change the logo etc…
#22 written by Joe
8/24/2009 - 5:53 pm

Quote

Jan, how did you make it case-insensitive?

I too would love to see more option in a control panel kinda way about changing the look and feel of the password prompt.
#23 written by Brandon
9/1/2009 - 1:16 pm

Quote

I am getting the following when I go to a page that meets the password protection string:

The server encountered an unexpected condition which prevented it from fulfilling the request.
The script had an error or it did not produce any output. If there was an error, you should be able to see it in the error log.
#24 written by Dash
9/7/2009 - 2:07 pm

Quote

I am getting this error, running the latest version of Wordpress. I would really love to use your plugin, it’s exactly what I need. Any suggestions on how to fix this?

Fatal error: Call to undefined function load_plugin_textdomain() in /home/content/82/4746082/html/wp-content/plugins/wp-password/wp-password.php on line 28
#25 written by Dash
9/7/2009 - 2:24 pm

Quote

The same error occurs on 0.6 of this plugin.
#26 written by Dash
9/7/2009 - 2:48 pm

Quote

fixed that. now my problem is that it doesn’t redirect to the page requested after login
#27 written by Graham
9/15/2009 - 9:00 am

Quote

Hi,

I am about to set up a blog (using WordPress hopefully) and would like to give different users (clients of mine) access to different areas of the blog. I would like to give each client a username & password to enable this to happen. Is this possible and, if so, is there an idiot’s guide to getting this set up?

I have a hosted domain name and presume I’d have to go with the premium version of WordPress. Am I correct?

Thanks,

Graham
#28 written by Joe
9/15/2009 - 11:03 pm

Quote

Does anyone know how to alter this code so that I can input multiple passwords that would work? That way I can ask a few questions, allow for misspellings, not worry about case-sensitivity, etc?)

Thank you!
#29 written by Akemi
9/26/2009 - 8:00 pm

Quote

I have been looking for this, thanks for share.
It’s working on me
#30 written by Jana
9/27/2009 - 4:40 pm

Quote

Using WP 2.8.4 and having the same issue where it won’t redirect after login. Is there a fix??
#31 written by JB
9/27/2009 - 7:55 pm

Quote

@jana – just today I put out version 0.6.1 (it got a shiny new post and everything) to fix that problem.
#32 written by Belinda
10/3/2009 - 1:25 am

Quote

Hi JB,

By the looks of it your plug in is just what I need. I don’t want to mess with users, just need one password to protect some pages for my members’ area.

I have downloaded and activated the plugin, I tried a basic password, and “includes” as I have only a few pages to include at this stage.
I included the file /member_area.php and then saved password options, and noting seems to be happening at all.

I don’t think I’ve missed anything, can you shed any light?

Much appreciated.
#33 written by JB
10/3/2009 - 10:56 am

Quote

@Belinda,

The WP Password plugin only works on pages powered by WP. If member_area.php isn’t using the WP function the_content() to display the page, this plugin won’t help at all. Hope that clears up why it’s not doing anything.
#34 written by Neil
11/2/2009 - 12:35 pm

Quote

Thanks, this works a treat and is something I’ve been looking around for for ages.
#35 written by Jason
11/2/2009 - 1:47 pm

Quote

Thank you for the great program!

For some reason after I installed the plug-in, I cannot access my site or my wordpress admin login. I get this message:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, support@supportwebsite.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Any help would be appreciated!
#36 written by JB
11/2/2009 - 5:39 pm

Quote

@Jason: If you installed this and then started getting errors…er, that’s not a great program.

What version of WordPress are you running?
#37 written by Andy
12/1/2009 - 11:07 am

Quote

Any chance the plug-in can be upgraded to the most current version of WP?
#38 written by Josh
12/12/2009 - 1:20 pm

Quote

this plug-in is awesome,
however…

I am constructing a site for a group that needs to be able to “log-out” once finished with the blog as majority of the editing will be done on public computers at a university. I want to prevent someone else going onto a computer in which the site was previously logged into and thus being able to access it without having to know the password. Any ideas for a “log-out” link to place in the blog??
#39 written by jeff
12/14/2009 - 3:11 pm

Quote

Wanting to not allow access to (pages/posts) regardless of how someone arrives, directly or via RSS. I seem to be able to bypass the password screen via an RSS feed. Also there was a rule by default that was there when installed. It was accidentally changed and I can’t get it back, even by de-installing/re-installing it remembers the new modification. Please advise.
#40 written by JB
12/16/2009 - 12:52 pm

Quote

@Andy, not aware of any problems with this and the current version of WP. Got something particular in mind?
#41 written by JB
12/16/2009 - 12:53 pm

Quote

@Josh, There are instructions in here somewhere for creating a log-out link. I know I left them in one of these posts.
#42 written by JB
12/16/2009 - 12:54 pm

Quote

@Jeff: RSS is definitely a problem. Someday when I’m so independently wealthy I don’t have to work for a living, I’m going to rewrite this plugin to take better advantage of WP’s existing code that comes close to the ability to do this… but doesn’t go all the way (for security reasons, I’m sure).

The default rule should’ve been to exclude wp-admin in urls, so your access to the admin pages of WP isn’t hampered.
#43 written by Ben
12/22/2009 - 1:13 pm

Quote

Where can I download the newest version with css fixes? Thanks for sharing this plug in with us.

JB:

@jana – just today I put out version 0.6.1 (it got a shiny new post and everything) to fix that problem.
#44 written by greg runco
3/1/2010 - 11:35 pm

Quote

Dude I’m freaking out here… used your plugin and now I can’t access my page… it doesn’t ask me for the password I gave it, my website won’t load at all and neither will my admin login page. Please contact me ASAP. Thank you!!!!!!!!!!

FYI… when I visit anything i get this URL and then nothing loads!??! http://runcosweeklymusic.com/wp-content/plugins/wp-password/login.php?err=&destination=/wp-login.php

« Previous 1 ... 4 5 6

Brainspill

The Wordpress Password Plugin

No related posts found.

Shameless Promotion

My Own Favorites

The Very Latest, Anywhere…

Del.icio.us Links

Meta