Switchboard DOCS
Docs
Get Started Get Lifetime Deal

Password Protection

Sometimes you need to hide your entire site from the public. Maybe it’s a staging environment you share with clients, a site that’s not ready for launch, or content that should only be visible to people who have the password. This module adds a simple password gate in front of your entire site.

Use Cases

  • Protect staging sites from public view while clients review
  • Hide work-in-progress sites from search engines and curious visitors
  • Create quick private access for a temporary project
  • Restrict access during major site updates or migrations
  • Share preview access with select people using a single password

How It Works

When enabled with a password set:

  1. Any visitor (not logged in) sees a password form instead of your site
  2. They enter the shared password
  3. If correct, they’re granted access for 24 hours
  4. Access is tracked via browser cookies/transients
  5. Logged-in WordPress users bypass the password entirely

Settings

Navigate to Switchboard β†’ Security β†’ Password Protection and click the settings icon.

SettingTypeDescription
Site PasswordTextThe password visitors need. Leave empty to disable protection.

That’s it β€” just one setting. Enter a password and your site is protected.

Who Bypasses the Password

User TypeNeeds Password?
Random visitorsYes
Search engine botsYes (and they can’t enter it, so they’re blocked)
Logged-in SubscribersNo
Logged-in ContributorsNo
Logged-in EditorsNo
Logged-in AdministratorsNo

Anyone logged into WordPress with any role bypasses the password wall completely.

The Password Form

Visitors see a clean, professional password form:

  • Blue gradient background
  • Centered card with password field
  • Clear “Password Protected” heading
  • Mobile-responsive design

The form works on all devices and doesn’t require any theme integration.

Security Features

Rate Limiting

After 5 failed password attempts from the same IP:

  • Access is blocked for 15 minutes
  • Prevents brute force guessing of the password
  • Counter resets after the lockout period

Secure Comparison

Passwords are compared using timing-safe functions to prevent timing attacks.

Session Security

Access is tracked using WordPress transients tied to:

  • Visitor’s IP address
  • User agent (browser info)

This means access doesn’t transfer if someone changes networks or devices.

Admin Bar Notice

When password protection is active, administrators see a red notification in the WordPress admin bar:

πŸ”’ Password Protected

Clicking it takes you to Switchboard settings. This reminds you the site is protected and provides quick access to disable it when needed.

FAQ

How do I share the password with people?Send it via email, Slack, text, or any communication channel you use. There’s no built-in sharing feature β€” it’s just a password you give to the people who need it.
Can I have different passwords for different people?No. This module uses a single shared password. For individual accounts with separate credentials, use WordPress user accounts instead.
Does this protect wp-admin too?No. The WordPress admin area has its own login system. This module protects your site’s frontend (what visitors see). Wp-admin access is controlled by WordPress user accounts.
What if I forget the password?Log into WordPress (your admin account still works normally). Go to Switchboard β†’ Password Protection and view or change the password. If you’re completely locked out, access via FTP and disable the module by renaming its file.
Will search engines index my protected site?No. Search engine bots can’t enter passwords, so they see the password form instead of your content. Your site won’t be indexed while protected. When you remove the password, allow time for search engines to discover and index your content.
How long does access last?24 hours from entering the correct password. After that, visitors need to enter the password again.
Does this protect images and files?It protects WordPress-generated pages. Direct links to uploaded files in /wp-content/uploads/ are not protected. For true file protection, you’d need server-level configuration or a dedicated file protection plugin.
Can I customize the password page design?Not through the module settings. The form is designed to work universally without theme dependencies. For custom styling, you’d need to modify the module code or use a different solution.

Per-Page Password Protection

Already built into WordPress!

If you only need to protect specific pages or posts (not the whole site), use WordPress’s built-in password protection:

  1. Edit the page/post
  2. In the sidebar, find “Visibility”
  3. Click “Password Protected”
  4. Enter a password for that specific content

This is separate from Switchboard and works independently.

For staging sites: Combine with a noindex robots meta tag or robots.txt rule. Even though the password blocks bots, explicitly telling search engines not to index is good practice.

This is not for sensitive data. Password protection is suitable for casual privacy (staging, previews, soft launches). For truly sensitive content, use proper WordPress user accounts with role-based access control.

PRO

Get access to all 147 modules with a single license

Upgrade to Pro
Prev
Email Obfuscator
Next
Open External Links in New Tab