PHP white page after entering password for a protected page.

This problem may be a plugin conflict. Please attempt to deactivate all plugins. If the problem goes away, re-activate them one by one to identify the source of the problem.

If you can install plugins, install Health Check. On the troubleshooting tab, you can click the button to deactivate all plugins and change the theme for you while you’re still logged in without affecting normal visitors to your site.

Thanks James – I tried this. I deactivated all plugins and switched the theme to twenty-twenty-four. I updated core WP (6.6.2), all themes and plugins. I cleared browser cache and still see the issue with the password protected pages. Is this a WordPress bug? Do other people see this?

Just to recap – whether I enter a correct or incorrect password I get a blank white page. The URL changes to: https://ourURL.co.uk/domain/wp-login.php?action=postpass I don’t see any errors in the logs or in the browser console.

If I enter the correct password and revisit the page I don’t get prompted for the password again as the page is cached. I can install a different plugin like this: https://www.ads-software.com/plugins/content-protector/ which gets around the problem, but don’t like the fact core WP functionality isn’t working.

We recently had a problem like this here in the support forum. The cause was a hosting setting that prevented referrer URLs from being returned in the HTTP header. As a result, after submitting the form for the password, no redirection to the starting point can take place – that’s why you see the white page.

To solve this, you should contact your hoster’s support, as this setting is usually configured in the web server there. It would also be possible to make a setting in the security plugin you are using, if you have one.

THanks threadi. We use So Solid security basic plugin. (SolidWP) Do you know which setting I need to amend? Thanks

I also use this for many projects, but as far as I know there is no setting for this. However, you can test this by briefly deactivating the plugin, testing the form and then reactivating the plugin. If you are unsure about this, it is best to ask in their support forum: https://www.ads-software.com/support/plugin/better-wp-security/

I would still rather suspect a server-side setting that the hosting support would have to clarify.

Hi, Thanks @threadi – I checked with our hosting support and “Referrer-Policy: no-referrer” is set at the server level, which I think is the strictest and is set to keep things as secure as possible (if you disagree be great to hear why and if there’s a better setting we could request).

I wasn’t sure why the WordPress password protect page is using noreferrer – should it really be using some kind of redirect instead?

I found another password protected page plugin called “content-protector” which I tested and it gets around this problem (it must use an alternative to noreferrer). However, I am loathed to use yet another plugin to get around a problem and hope we can find a way to make the core WordPress and config work.