Need help? Check out our Support site, then


WordPress.com Forums » Support

Password-protected pages

  1. drhaisook
    Member

    Hi there,

    First off I wanna say I've come from Blogger to WordPress, and what a big difference I felt! Anyways,

    I've set up a page other than the blog (like the About page, for instance), and I've chosen it to be password-protected. Now when I type the pass, the next times I enter the page, it's open, even when I shut down the whole website, and restart my internet explorer, and even when I sign out.

    I know this has something to do with 'cookies'. I want it to demand the pass everytime I enter the page (the main, not the subpages though). How could that be done?

    Thanks in adv :)

  2. paradox
    Member

    I thought that this was weird as well, and I thought that's because I'm the author, but that happens on all computers. The only thing that I found will close it again, is changing the password.

  3. ryan
    Staff

    I think post password cookies expire after 10 days.

  4. drhaisook
    Member

    Is there any option in Internet Explorer to not save the cookies of a particular website?

  5. options
    Member

    MS IE can either comletely block or allow to set cookies for host.

    there are tools like Proxomitron et.al. which make cookies session only.

  6. redhead81
    Member

    Does that also go with Safari on Mac's? I used to be only a Windows user up until late last year, and everything changed - so did options for software and whatnot.

    I have discovered that same problem when locking entries. I close down the browser, come back to my site and it's still showing up.

  7. options
    Member

    Safari doesn't let allow session cookies either.

    and since "post password cookies expire after 10 days", -- as ryan correctly noted, then if this Mac is shared w/ someone you don't want to read your protected posts you have an option to delete cookies: http://www.aboutcookies.org/deletecookies.asp#amsafarix

    PS
    there's some hackish workaround, but that's completely another option (would be off-topic here ;-)

  8. oinky
    Member

    so there is no other way?
    what if i'm on a terminal that has administration rights and doesn't allow me to clear the cookies?

  9. oinky
    Member

    ok so there is no other way...

  10. drmike
    Member

    Wait a minute. You have admin rights and you're not allowed to clear cookies? That sounds backwards....

  11. greenpasture
    Member

    What I noticed is that if you have more than one pass-word protected Pages (with different passwords), then the cookies will only remember the last password you used.

    So, this is a work-around solution (my suggestion only, as someone who does not know much about computer).

    Create an empty password protected Page and each time before you sign off, enter the password into your 'empty' page, that way your cookie will only remember the password of that empty page and will not display the password of the other Page(s) that you want to keep private.

  12. trying2be
    Member

    I have passworded a page. Yet when I look at it it shows up. I have noticed that if I put a / after the url then the password page comes up, yet is I remove the / then the page shows up for all to read. So, I'm now nervous of using the facility to password a page/post if all people have to do is take the / away from the url.

    Is anyone else having this problem?

  13. drmike
    Member

    Are you logged in to your WP blog? They show up if you have Admin status.

  14. oinky
    Member

    oops! corrected question below

    "so there is no other way?
    what if i'm on a terminal that doesn't have administration rights and doesn't allow me to clear the cookies?"

  15. cyanee
    Member

    hmmm... maybe the cookies should really be changed.
    the password should rightfully expire when we exit the browser... becasue cookies for 10 days aren't really safe!

  16. drmike
    Member

    Remember though that that cookie is just for that post.

    I agree though. 10 days is a tad long. Maybe you should send in a feedback on this one. Matt and crew have stated int eh past that that's how they keep track of stuff like this.

    Good luck,
    -drmike

  17. cyanee
    Member

    the cookies only expire if we only go and manually delete away files and history in the internet options... and we canot really expect our readers to do that...

    so yeah...right now we can't do anything about the page being displayed for 10 days

    sent them the feedback ;)

  18. drmike
    Member

    I would think even an hour would be too long. I'm rather curious as I do hosting as well and this has never come up over there.

  19. oinky
    Member

    anyone happens to key in the password for a protected page and it jumps to the main page instead?
    it happens to me everytime and i had to click the back space to go to the page i wanted to view
    and the page is already open since i keyed in the password
    seems weird

  20. sweetmagdalena
    Member

    Do you know if this cookie issue has been resolved? Furthermore, if, as you noticed, greenpasture, it retains the last password entered, does that mean that a group of posts could all have the same password, and upon entering that password, the reader could view all of that group of posts without re-entering the password? hehe, As you can tell, I am _eagerly_ awaiting the implementation of site-wide password protection.

  21. drmike
    Member

    site-wide password protection

    I could have sworn that we were told that this wasn't planned fo and we were directing people who needed it to a paid host.

    Feedback sent.

    Looking at the database on my install, the password is saved into each post record. So entering a password will onyl work for that specific post.

  22. andy
    Staff

    I don't know of any plans for site-wide password protection on WordPress.com.

    You can set up HTTP authentication for your own hosted WordPress installation but WordPress itself does not handle that kind of privacy.

    As for post passwords, only one password cookie is stored and it is not indexed by post ID. Thus, having the password for one post will allow you to view ALL posts having the SAME password until you clear cookies or enter a different password for a different post.

  23. drmike
    Member

    Oops, my mistake on that last bit. Sorry about that. :)

  24. sweetmagdalena
    Member

    Drmike - I got the site-wide protection idea from here:

    http://faq.wordpress.com/2006/05/07/can-i-password-protect-my-whole-blog/

    Thanks for the feedback, and thank you andy as well.

    :-)

  25. drmike
    Member

    Thanks for pointing that out to me. That's the first I've seen of it. Rather strange as IIRC Matt seems to strongly feel the importance of open blogs. I may be mistaken though.

    Oh, Podz.... :)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags