Upgraded to 3.4 now Password Protected Pages not working

I am having the same problem. After entering the correct password for the protected page I’m redirected to the main WP login screen instead of the password protected page.

@candyappledesign: It is impolite and contrary to forum policy to interrupt another poster’s ongoing thread with a question of your own. Please post your own topic.

@roeshead: Have you tried:

– deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).

– switching to the Twenty Eleven theme to rule out any theme-specific problems.

– resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems.

– re-uploading all files & folders – except the wp-content folder – from a fresh download of WordPress.

Deactivating the Better WP Security plugin fixed the problem.

I switched to Twenty Eleven theme and it worked then I switched back to Supermassive theme by ThemeForest and it works within that browser that I tested Twenty Eleven on but not my other browsers or machines.

This suggests to me that there’s something in the Supermassive theme that is blocking the cookie being created. How is that handled differently now in WordPress 3.4 than WordPress 3.3.2 (where Supermassive worked just fine)? How can I even troubleshoot this?

This is a live site so I don’t have time to wait for Themeforest to “look into it”. I’ll need to solve this issue on my own quickly.

Thanks for any insight.

I’m sorry but as you are using a commercial theme, you need to seek support from the theme’s vendors.

I can understand your answer – but obviously in the creation of WordPress 3.4, they changed something of how it handles cookie creation for Password Protected pages. Do you have any idea of what might have changed? How would one troubleshoot that process?

I’m thinking there’s going to be more themes than just the one I’m using that is going to have some issues with this but not as many people are going to notice it because of needing the combination of theme issue with using protected pages and actually testing after their upgrade.

Any pointers of where to look to view this process would be helpful.

Thank you.

There hasn’t been any changes to WordPress cookies as far as I am aware.

Well, the maker of the theme was much more responsive than I thought he would be (I know the people here are always responsive so thank you for that). Turns out that the theme was using a custom password form. Once I removed the code to use that, it worked just fine.

If you don’t know if your theme uses a custom password form (like I didn’t realize mine did), looking in the theme’s functions.php file for something like:

add_filter(‘the_password_form’, ‘custom_password_form’);

Thanks esmi for your help.

No problem. Glad you got it sorted. ??

@roeshead, WP 3.4 doesn’t use wp-pass.php anymore.

If you look at the code under add_filter(‘the_password_form’, ‘custom_password_form’) that calls your custom form function, look for /wp-pass.php and replace it with /wp-login.php?action=postpass

That should fix it up, at least that’s what I used to fix custom password forms.

I expanded on this a bit here for anyone looking for a bit more detail:

https://tummel.me/wordpress-3-4-custom-password-form/

@gsibert FANTASTIC!

I’ve been crawling the web looking for hints on how to fix it, and I am glad I came across your solution – thanks!

Thanks @gsibert!

https admin vs http site issue:
I spent a lot of time looking for a problem with our theme, but our issue turned out to be something entirely different. Maybe this post will help someone else.

If your setup runs SSL on the admin portion of your site, but the public-facing site is not secured, the password cookie isn’t being recognized. If you put the “s” in “http” on the page with the password and it works, you can solve this issue by rewriting the password form in your theme’s functions.php file like this:

add_filter( 'the_password_form', 'custom_password_form' );
function custom_password_form() {
	$url = get_option('siteurl');
	$url = preg_replace("/^http:/", "https:", $url);
	global $post; $label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID ); $o = '<form class="protected-post-form" action="' . $url . '/wp-login.php?action=postpass" method="post">
' . __( "<h2>Enter password</h2>
<p>This content is password protected. To view it please enter the password below:</p>" ) . '
<label for="' . $label . '">' . __( "Password:" ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" /><input type="submit" class="submit" name="Submit" value="' . esc_attr__( "Submit" ) . '" /> </form>
';
return $o;
}

The issue of custom password forms not working post update to 3.4 is because the action has been changed on the default WP form.

Where as it was –

get_blotinfo('site_url').'/postpass.php'

It is now –

get_blotinfo('site_url').'/wp-login.php?action=postpass'

Update your custom form and you shoule be good to go.