fruitjam

The key plugin was https://www.ads-software.com/plugins/http-headers/ in my initial experiments.

All I had then did was simply enable all the options. Default values where left blank even when enabled. This seemed to help.

However, on experimenting with themes (even those published by WordPress) the effects observed were inconsistent over a number of mobile devices.

Overall, I would say that it struck me that the latest version of WordPress does not support opening of password-protected page on mobiles.

The only viable solution that I have had modest success was in exploring user role with restricted access to posts and pages (recent WordPress convention, as I understand, treats posts and pages the same).

To achieve my goal, I relied on the following links:
Restricting pages to logged in users only
Custom user roles
Disable the admin bar for specific user
Fixing redirect issues

I added the following code at the end of the function.php file of the active theme:

/*Customization for user role based page restriction */
/*Customized on 09-01-2019 */
add_role(
    'custom_subscriber',
    __( 'Custom Subscriber' ),
    array(
        'read'         => true,  // true allows this capability
        'edit_posts'   => false,
        'delete_posts' => false,
        'publish_posts' => false,
                'uploadfile' => false,
    )
);

add_action( 'template_redirect', 'protect_testavcheck_page' );
function protect_testavcheck_page() {
	global $post;
	
	if( $post->ID == 5  ||  $post->ID == 11 ){
		if( ! is_user_logged_in() ){
			wp_redirect( home_url() . '/login' );
		}
	}
}

add_action('after_setup_theme', 'remove_admin_bar');
function remove_admin_bar() {
if (!current_user_can('administrator') && !is_admin()) {
  show_admin_bar(false);
}
}

Before adding the above code section in the function.php file, I had created a page and a post with the slugs testavcheckpage and testavcheckpost, respectively. The respective post IDs were 5 and 11 which I duly noted and placed in the code section as produced above.

To ensure that the administrator bar would not show up for a guest role, or for that matter any other role except for administrators, of course, I also included the last few lines as shown in the code above.

At this stage, I discovered that these were not enough. While there were no problems in conducting the exercise of restricting such a user to a particular post on a PC, on mobile devices, however, the error message that kept on repeating was of too many redirects.

It took me a while to figure out that the wp-login.php was somehow not being recognized on mobile devices. The reason as yet remains unknown to me. However, what I intended to do, and which I did was to install the following plugin:

User Registration Form

What this did was allow me to create separate page [Logging in page or My Account Page] for logging in. All I then needed to do was to change this:

wp_redirect( home_url() . ‘/login’ );

to this:

wp_redirect( home_url() . ‘/my-account’ );

in the file function.php.

Interested forum members can test the links using

guest

as username as well as for the password.

After having gone through available comments on this forum, and other related assorted resources available on the internet, I could finally deduce that the only possible route was to ensure that a referrer-policy has to be set in the first place.

I had the link [Test check] scanned using https://securityheaders.com and found that I was lacking Referrer-Policy among other headers. What I could accrete from available resources was this – that I had to have some form of header control on my WordPress site installation.

I found these addons which helped me set the needed header values:
https://www.ads-software.com/plugins/http-headers/
https://www.ads-software.com/plugins/wp-simple-firewall/

The link test check [replacing the earlier one originally posted] shall be kept available for a few days to facilitate examination by any interested member of this forum. Comments and feedback shall be welcome.

The password to access the page is check123.

Although, the issue would seem to have been solved, in view of the fact that this could not be tested over a wider range of mobile devices other than those to which I had limited access to, forum members’ feedback and advice will definitely be absolutely indispensable to me.

I have taken down the WordPress installation, and have created a new installation and a password-protected page that can be viewed at the following URL:

https://tempstaging.bharatiyavidyamandir.org/testavcheck/

The password to the page is “abc” (without the quotation marks).

I have deactivated all plugins keeping the default theme of Twenty Eleven as the active one.

As before, this password protected page can be opened on any PC / laptop. However, trying to open this page using Firefox / IE / Chrome on mobile device results in the following error message after the password has been entered:

“This is somewhat embarrassing, isn’t it?”

At this point, the URL bar shows the following:
https://tempstaging.bharatiyavidyamandir.org/wp-login.php?action=postpass

In case of a PC / laptop though, the page opens without any problem. The URL itself shows no change and displays the following:
https://tempstaging.bharatiyavidyamandir.org/testavcheck/

Any help at this stage shall be much appreciated.

Without a link to the site there is little help we can offer-

lms.bharatiyavidyamandir.org/testing

The password to this page is “s”.

I came across the following link while trying to search high and low for a solution. While the original poster has posted a solution in the link, I cannot find the relevant line which to change / remove.

https://www.ads-software.com/support/topic/password-protected-page-not-accessible-wp-login-phpactionpostpass-error/

The original poster has suggested the following be removed from the head section of the template.

<meta name="referrer" content="no-referrer"> in the <head>-section of the template.

The problem, in this case is, I cannot figure out as to exactly where to locate this line.

Any help would be much appreciated.

Let us suppose a page has been created that has its visibility set to “Password protected”.

After updating the page, I am able to open the page on a web browser on a PC / laptop after entering the proper password.

However, the same page cannot be opened using the password on a mobile device. Initially, the password-protected page is displayed alright. But on entering the correct password, the following page is returned:

main_site/wp-login.php?action=postpass

Apart from reinstalling WordPress, I have not done anything else. In fact, I could think of no other option.