• I can’t quite figure out what’s happening with the built-in password protection on a single page. When I activate it, it works fine. But then every time I visit that page, I’m granted access without having to re-enter my password. That’s fine, but when does that page get re-protected? I’ve restarted my browser and I’m still granted access. I’ve cleared my cache and cookies and I’m still granted access. When does that get re-set so the user would have to re-enter the password?

    What are the parameters for password-protected access? I can’t figure this out! Thanks…

Viewing 15 replies - 1 through 15 (of 31 total)
  • Most likely your login is saved in a browser cookie. View the site in a different browser (IE, Chrome, Safari, etc – one you don’t often use), one on which you have never logged into the site as admin. See what happens.

    Thread Starter cowgirly

    (@cowgirly)

    Thanks– yes, the password protection is there if I use a new browser.

    What I don’t understand is when the password-protection is reset? I cleared my cookies and my cache, restarted my browser, and I still wasn’t prompted again for the password. So I don’t understand when that will happen?

    For example, what if someone’s using a public computer and logs in to that page, then another person uses that computer– it seems like they’ll still have access to that page, even after a browser restart… this doesn’t seem particularly secure to me.

    I only have to password protect one single page, and can’t seem to figure out a good way to do it! Any and all thoughts are appreciated…. thanks.

    have you tried logging out?

    Thread Starter cowgirly

    (@cowgirly)

    Yup. Just tried it again. Logged out of WP Admin, refreshed the pages, restarted the browser, and I’m still granted access to that password-protected page which I logged in to ages ago…

    I couldn’t find any WP documentation on this feature– does anyone know if it exists? There’s got to be some kind of reason behind this…

    If anyone has other ideas on how to somewhat securely password protect a single page, I would really appreciate it!

    Thread Starter cowgirly

    (@cowgirly)

    Just found this:

    “After entering the password that first time, WordPress will securely store the password with the browser you entered it with so you won’t have to enter it again.”
    https://en.support.wordpress.com/posts/post-visibility/

    Really? So if someone accesses the page via a public computer, then every other user of that computer will be granted access to that “protected” page?

    Is there any way to change this setting? HELP is appreciated, I need to get this done for a client asap…

    Thread Starter cowgirly

    (@cowgirly)

    *bump* in case anyone has any further info on this… thanks…

    Thread Starter cowgirly

    (@cowgirly)

    You realize that by changing a core WordPress file, every time WordPress upgrades you have to change the file again? It could be ten times a year.

    Plus, unless you are an experienced coder, you could be opening up security holes in your WordPress site.

    Thread Starter cowgirly

    (@cowgirly)

    Okey doke, thanks to you both for that info. Any thoughts on how to do this, then? It seems like there should be a way to automatically log users out before the WP-coded 10 days are up (upon browser close, or *anything*). I can’t believe there is no way to do this– there has got to be a way. Thoughts are very, very much appreciated, as I’m nearing the end of my rope… thanks…

    Did you ever resolve this. I had dialogued with you about it over on the Headway Themes forum too. I now have the same issue! Looking for the answer too. Been reading tons of posts on the WP forum and so far nothing. Fingers crossed you figured it out and can pass on the answer. Thanks.

    Thread Starter cowgirly

    (@cowgirly)

    SheilaHoff, I did kind of halfway resolve it ??

    As posted above, you can change the timeout here, but it will be overwritten whenever WP upgrades:
    https://www.ads-software.com/support/topic/how-to-require-logout-from-password-protected-page?replies=6

    Turns out my client is ok with the 10-day logout, so it’s a non-issue for now.

    But I had also posted on Freelancer.com for someone to code a workaround for this, and found someone with high ratings who said he figured out how to do it. Let me know if you want that info.

    Thanks, you can PM me over at HT or post info here. It’s astonishing to me that there is a simple solution to this.

    Sheila

    (@hoffmangraphics)

    I don’t seem to be able to log-in with my other WP account but I wanted to post that I think I may’ve just found the plug-in solution. It adds a cool lock graphic and then when you’re logged in it adds a button that says LOCK. So then those who are allowed access will need to relock the page on exit.

    https://www.ads-software.com/extend/plugins/better-protected-pages

    Hi, please cowgirly post info here.
    I am using wordpress.com and i do not know how to modify the time logout or have the plugin. ? may you help me?
    Thank you in advance

Viewing 15 replies - 1 through 15 (of 31 total)
  • The topic ‘Password protecting pages — how does it work??’ is closed to new replies.