Password Protected Pages Not Working

I have deactivated LiteSpeed Cache and the site is now working perfectly.

Just had the same problem and followed this thread picking up a few ideas on the way. Looking at the protected page in Private mode worked fine. Aha! Cookies! After clearing all cookies for the site the password protection worked just fine.

Try this:

One solution is to change your theme functions file (/wp-content/your-theme-name/functions.php), replacing the reference to wp-pass.php with wp-login.php?action=postpass. This has worked successfully on one of the sites that I manage.

Your password protection may be in another functions.php file in a different folder. I found my password protection in
wp-content/themes/themename/lib/functions/functions.php

https://dmjcomputerservices.com/blog/do-you-password-protect-your-wordpress-posts-or-pages/

We just had this same issue. I tried several of the suggestions from this chain. My client’s site was hosted on GoDaddy and password protected pages would not work unless you let the page literally sit there for 30 seconds before putting the password in, then you might have to enter it a second time for it to work and let you through to the content. The developers of the original site found the problem had to do with the google analytics code that was on the page. The code was moved to the root of the site and this solved the problem. Please check your pages for google code and remove it before trying something drastic.

My server uses NGINX, and for me the fix was to bypass this URL in cPanel > Cache Manager > Options.

@karikemp If I could up vote that answer to 100 I would. Most people do not realize that function exists on their host and is such a simple fix. As most here realize this tends to be a cache issue in some form or another. Be sure to check your cpanel cache settings as Kari mentioned above!

It was a caching issue for me, too. But I didn’t have the LightSpeed Cache plug-in turned on. So here’s what I did:

1. In WordPress Plugins, scroll down to LightSpeed Cache and click Activate.
2. Click Settings under LightSpeed Cache v.3.3.
3. Click the Excludes tab.
4. Paste the URL for your password protected page into the Do Not Cache URIs box.
5. Click Save Changes.

My host uses hpanel to manage the site, so I also did this:

1. Log in to host and navigate to site controls.
2. Click Cache Manager.
3. Click Purge All where it says Purge Manually.

I did clear the browser history in Safari and Chrome, but I didn’t on my phone browser. However, all of them appear to be working … for now.

I was having the same problem. The solution suggested by @karikemp worked for me too: set a bypass URL for the page in question within the Cache Manager Options in cPanel – thank you @karikemp!

I am also having this issue with https://viol.us/–first it would not accept any password, and now it is not going to an intermediate login page at all, but just going straight to the content that is supposed to be protected!

The host suggested enabling:

allow_url_fopen
allow_url_include
In the MultiPHP INI Editor in Cpanel

The second was already enabled, but after enabling (and then even after disabling) the first, it bypasses the need for a password in every incognito/private mode browser I have tried.

Ah, okay, I found the fix from KariKemp–thank you so much! That worked on my end–prompts for password, accepts it, and shows page that was protected. Here is the fix from her just in case:

karikemp (@karikemp)
7 months, 2 weeks ago
I was having the same issue. The solution for me was to go into my Cache Manager in CPANEL and add the password protected page as a Bypass URL under the Options tab.

Hi Leon,

I had the same problem. You can fix this error by re-changing the password of your post and make sure to ‘update’ it. Works well for me now.

Hope this helps. Thank you.

Hi!

We also had the same problem. My solution was to whitelist the cookie that wordpress uses (wp-postpass_) for password protection in the CDN that we use for the site (AWS Cloudfront).

In the cloudfront distribution under the Default cache behaviour I added

wp-postpass*

in the whitelist cookie box.

And then the password protection worked!

LiteSpeed Cache – it was the culprit for me.

You DO NOT have to remove/disable it.
You CAN configure it.

In the WordPress menu:

- LiteSpeed Cache > Cache
- [4] Excludes > Do Not Cache URIs
    - enter relative urls (one per line)
    - For example:   
        /sample-page1
        /sample-page2

I spent hours on this.
I tried configuring .htaccess. No beans.
I tried force http->https. No beans.
I removed “drop-in” plugins. No beans.

Finally, simply adding the pages I needed to the “Do Not Cache URIs” box under “[4] Excludes” settings for LiteSpeed Cache… worked.

Here’s the docs to this setting:
https://docs.litespeedtech.com/lscache/lscwp/cache/#do-not-cache-uris
Note: the docs do not mention anything about Password Protected pages.

• This reply was modified 4 years, 1 month ago by jetsquared.
• This reply was modified 4 years, 1 month ago by jetsquared.
• This reply was modified 4 years, 1 month ago by jetsquared.

Hi,

Almost same problem here:

Password protected pages still ask for password after provide the good one BUT when I’m connected to admin, the page is showing. I guess there is something related to cookies.

When “wordpress_logged_in_xxxxx” and “wp-postpass_xxxxx” cookies are both set, I can access to the page. When there is only one of them set, password is asked.

In local environment, I can’t reproduce the issue. The difference is that local is HTTP, when prod is HTTPS.

I’ve tested many fixes suggestions, (changing theme, disable all plugins, etc…).

Any new ideas about this?

• This reply was modified 4 years ago by sbelaud.

Update: $_COOKIE variable seems to be an empty array, even if i can see cookies in Chrome devtools.

Maybe is a cache configuration mistake, but I don’t know how to solve this.