How to password protect a page in WordPress

Whether you’re running a client-facing business, sharing private content, or testing a new draft, sometimes you need to restrict access to just one page on your WordPress site. The good news? You don’t need advanced technical knowledge to do it. In this guide, we’ll walk you through how to password protect a page in WordPress – using built-in tools, free plugins, or server settings.

We’ll also cover when password protection makes sense, how it works, and what to consider when it comes to broader WordPress security. If you’re looking for a simple way to lock down part of your site, you’re in the right place.

• Learn how to password protect a page in WordPress using built-in settings
• Discover plugins that offer more control over access, timing, and user roles
• Understand the pros and cons of different password protection methods
• Get tips on hiding protected pages from search engines
• Learn why password protection alone isn’t enough and how to secure your WordPress site.

There are plenty of good reasons to lock a specific page without affecting the rest of your site. Here are some common use cases:

• Client-only content: Share invoices, reports, or design drafts securely
• Exclusive content: Protect resources for paid subscribers or members
• Personal content: Limit access to family photo galleries or private blog posts
• Testing content: Restrict work-in-progress pages from public view
• Event information: Share private event details without publishing them site-wide

If you’re a blogger, small business owner, or freelancer, password protection offers a lightweight way to control access without needing a membership system or user login.

WordPress includes a native password protection feature for individual posts and pages. It’s the quickest option and doesn’t require any plugins.

1. Open the page or post you want to protect in the WordPress editor
2. In the right-hand sidebar, find the Visibility setting under the Page tab
3. Click Public, then select Password Protected
4. Enter a password in the field that appears
5. Publish or update the page

Now, when someone visits that page, they’ll be prompted to enter the password before they can view the content.

• Only one password per page
• No way to expire or limit password use
• Password form can’t be customised
• Not suitable for protecting files or downloads

If you need more flexibility, try a plugin instead.

Several free plugins offer more control than the default WordPress feature. They’re ideal if you want to:

• Use multiple passwords
• Hide page titles until unlocked
• Set password expiry times
• Limit access by user role

Here are two beginner-friendly options:

This free plugin lets you restrict access to any content based on user roles or logged-in status.

Features:

• Protect pages, posts, and custom post types
• Use conditions (e.g. show to logged-in users only)
• Redirect users who don’t have access
• Compatible with shortcodes for partial content protection

How to use:

1. Install and activate Content Control
2. Go to Content Control > Rules
3. Create a new rule and select which content to protect
4. Choose who can see it and what should happen if they can’t

Passster is ideal for password protecting sections of a page or post. You can also use it for full-page protection with a bit more design flexibility than the default WordPress option.

Features:

• Shortcode-based protection
• Customisable forms
• Multiple passwords
• Time-based restrictions

This is a great option for creators who want to hide only part of a blog post or add layered access.

Password protection keeps users out but not search engines. Unless you tell Google otherwise, protected pages can still be indexed (including their titles and URLs).

To keep them truly private:

• Use an SEO plugin like Yoast SEO or Rank Math
• Set the page to noindex in the page’s SEO settings
• Block the page via robots.txt (advanced)

This is especially important if you’re using real client names or sensitive content.

Some hosting providers offer tools to password protect content at the server level. This is often used for staging sites, development pages, or non-public areas.

For example:

• cPanel users can go to Directory Privacy to lock folders
• Kinsta users can use the built-in .htpasswd protection tool

• Adds a login prompt before WordPress even loads
• More secure for private environments
• Good for protecting entire directories or media folders

• Not as user-friendly for beginners
• Can conflict with caching or CDN tools

If you just need to protect one page, the WordPress or plugin methods are easier to manage.

While password protection works well for light access control, it’s not full security. It doesn’t:

• Prevent brute-force attempts
• Track login attempts
• Hide media files linked within the page
• Offer user-based access management

For that, you’ll want to use a dedicated security plugin like All-In-One Security (AIOS).

Password protection is useful, but it’s just the start. A security plugin is essential if you want to protect your WordPress site from real threats.

Password protecting a page in WordPress is a quick, beginner-friendly way to control who can access your content. Whether you’re working on a draft, sharing client documents, or limiting private galleries, it only takes a few clicks to get started.

For extra flexibility, plugins like Content Control or Passster offer more control than the default settings. And if you’re serious about keeping your site safe, adding real security features like 2FA, login lockdown, and role management with AIOS will give you peace of mind.