Despite being the most popular CMS for many years, and for its flexibility of sharing content, WordPress still doesn’t make it easy to protect your site’s valuable information when you don’t want to share it publicly. Sure WordPress has a built in password protection feature, but as we’ll see this is very limited and doesn’t always work quite as well as you’d like…
In certain scenarios you may not want to share all your site content publicly. For example, online training materials for your team members or private diaries or family blogs which should be available to just you and your relatives.
We’ve covered WordPress membership plugins before, but in this article, we’ll discuss how to use passwords to protect your WordPress content as well as two main ways to make them “untouchable” to unauthorized users.
Is WordPress Default Password Protection Really Secure?
WordPress provides a built-in feature allowing you to lock your pages and posts with passwords on the fly. Once editing or being about to publish a post, you can adjust its visibility easily right in the edit screen.
WordPress sets your post public by default, once you hit publish. But there are two other options to consider which are Private and Password protected. While the former enables only users with admin rights to access your content, the latter lets any users with the correct password to read the protected post.
For password protected content, your password mustn’t contain more than 20 characters. When visitors enter the page or post URL, instead of revealing the content, WordPress displays a password form to ask for authorized access.
Advantage of WordPress’s password protection feature
In a word, ease! WordPress password protection feature allows site owners to secure their content with ease. You create your own password and leave the rest for WordPress.
When landing on the Pages or Posts section, you can see them labeled as Password Protected by WordPress. This supports you in classifying and distinguishing which ones are secured and which are not from WordPress backend.
It enables you to update and change passwords from both the content edit screen or from the Posts listing page. This setting is available under the post and page’s Quick Edit option.
On top of that, if you assign the same password to multiple pages and posts, visitors are able to enter the password once and unlock all the content at once. This helps save them time and improve user experience.
Why WordPress default password protect isn’t enough
The first thing you should keep in mind is that WordPress lets you set a single password per post and page only. Plus, there’s no way to track how many times a user can access the protected content with that password, or indeed who exactly is using that password.
Imagine hundreds of users have this same password with unlimited usages. If one of them shares the password to others, the content you try to protect could be viewed by thousands of people without even you knowing.
Out of the box WordPress doesn’t allow you to apply another security layer to your protected content, for instance, user roles. Requiring specific roles to log in then entering the password is not available in the default setup.
If you want to know who is accessing your content, or want to limit the number of times they can access it, or need to shut specific people out at some later date then you need much more robust password protection features.
Protect WordPress Pages with Multiple Passwords and Set Password Expiration
For more advanced password protection in WordPress, you need a reliable password plugin. Trusted by thousands of users, Password Protect WordPress Pro (PPWP Pro) is the most robust advanced password plugin on the market.
With PPWP Pro you can send each user a completely different password to access certain protected content but the plugin functionality doesn’t stop there. There is much more you can do with PPWP Pro, from auto-deactivating to assigning user roles for them…
Set usage limit and expiration date for passwords
Usage limitation defines how many times visitors are able to use your password to unlock the content. Alternatively set an expiration time which allows you to deactivate a password automatically after a given time.
For example, you set the password usage limit to 1. After a user enters the correct password and accesses the content, it’ll automatically become deactivated even if its expiration date is not over yet. Vice versa, if users enter the password after the expiration date, they will not be able to access your content.
This feature allows you to provide one-time access to your online course materials. After the lesson or the course finishes, the password which has been used once will expire. Students are no longer able to re-read these pages or, perhaps more importantly, they can’t share them with their friends.
In this way Password Protect WordPress Pro reduces the chance users will share passwords to others and gives you have more control over how many times users can access the protected content, or when they can view it with the provided password.
Assign passwords to different user roles
With PPWP Pro each user role may have different permissions and passwords. This allows you to track which roles have used a password to access your locked content.
Besides auto-generating passwords, it’s also possible for you to create passwords manually in both the protected page edit screen or in the password management popup.
PPWP Pro adds a password tab, where you will find an option to apply user roles to your passwords. Global passwords permit all users to fill in the password form but passwords locked to a user role may only be used by logged in users who have been assigned that role. Multiple roles may have the same password.
This acts as a double shield for your content. By providing different users on your websites with varied passwords along with limited usage and expiration, sharing the protected content to non-permitted users without your knowledge is practically impossible.
Provide Passwordless Access with Quick Access Links Instead
One intelligent alternative method that the Password Protect WordPress Pro offers is granting access to protected content without passwords. In other words, instead of giving users a password and require them to enter in the password form, you can simplify the process by providing a custom quick access link. Visitors can click on this link and view the content directly.
Increase ease with passwordless access
This helps save users time and increase security for your content. You can still set usage limits and expiration time for your access links as well. After a certain number of clicks or given time, these links will expire without deleting them manually. Further access attempts using this URL become meaningless.
Prevent brute-force attack
Needless to say, the brute-force attack is the biggest enemy of password protection. Since malicious bots and malware repeatedly try numerous possible passwords, there would be a high chance of cracking your content protection.
The quick access link approach helps you hide the original content URL and prevent ill-intentioned people (or bots!) from entering in the password from.
Not Everything Is Sharable, Notably Your Valuable Content
Password protection is an indispensable tool for site owners with valuable or private content. WordPress does come equipped with a default feature to help users lock their content, but WordPress’ built in features are very limited and only provide for very basic protection. If you need more than the most simple protection then you’ll need a plugin to extend the features of WordPress.
Password Protect WordPress Pro is a powerful tool to assist you in reducing the chance of password sharing by setting usage limits and password expiration, assigning user roles, and especially sending quick access links.
If you have any questions about how to stop users from sharing passwords to your protected WordPress content, let us know in the comment section below.