WordPress allows you to create password protected posts. Recently one of our readers asked if it was possible to hide password protected posts from the site. By default, WordPress hides the content of a password protected post, but it still shows the post title with ‘Protected’ prefix. In this article, we will show you how to hide password protected posts from the WordPress loop.
Why Hide Password Protected Posts in WordPress?
By default, WordPress displays the password protected post with its title and a ‘protected’ prefix. Users will need to enter the password to view the content of the post.
This post title is visible on the homepage, archives, recent posts widget, etc. If you want to keep some content completely private, then this is not a ideal.
Not only users who don’t have password can see the post title, they can also try to enter passwords. As we all know, passwords can be cracked.
Having said that, let’s take a look at how to hide your password protected posts from WordPress loop so that other users cannot see them.
Hiding Password Protected Posts in WordPress
Simply add this code to your theme’s functions.php file or a site-specific plugin.
function wpb_password_post_filter( $where = '' ) { if (!is_single() && !is_admin()) { $where .= " AND post_password = ''"; } return $where; } add_filter( 'posts_where', 'wpb_password_post_filter' );
This code simply modifies the query sent to the WordPress by using the posts_where
filter. It asks WordPress to fetch all posts that do not have a password.
Visit your website and you will see that password protected posts are no longer visible on homepage, archives, or in widgets like recent posts.
You can still visit the post by accessing it through a direct URL to the post itself.
The example above, hides password protected posts from all users. What if you ran a multi-author WordPress site and wanted protected-posts to be viewable by users with the capability to edit private posts?
Simply modify the above code with another conditional tag, like this:
function wpb_password_post_filter( $where = '' ) { if (!is_single() && !current_user_can('edit_private_posts') && !is_admin()) { $where .= " AND post_password = ''"; } return $where; } add_filter( 'posts_where', 'wpb_password_post_filter' );
In this example, we check if a user cannot edit the password protected posts, then only show the posts that don’t have password. Doing so all users with user roles of administrator and editor will see the password protected posts on the front end of your site.
We hope this article helped you hide password protected posts from WordPress loop on your site. You may also want to see our tutorial on how to change private and protected posts prefix in WordPress.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Google+.
David Brown
Thank you for explaining how to *really* do it in code; I wasn’t expecting that from a site called “wpbeginner.com”! (Still works in 2024 and WP 6.5.2, by the way.)
So many sites pretend to offer solutions but really want you to use their plug-in that overcomplicates some simple thing and leaves your site exposed to any vulnerabilities they might introduce and never patch.
WPBeginner Support
It would depend on the site and plugin as plugins can be for simply adding the same code as code from an article without needing to know how to edit files which is why sites recommend them. Glad you found our site and guide helpful
Admin
Rahul Rana
This was very helpful. Thank you very much
WPBeginner Support
You’re welcome glad our guide was helpful!
Admin
Vincent Zhang
Thank you guys so much. This really helped me. I appreciate it. Please keep more of this type of posts coming that do not involve using a plugin.
WPBeginner Support
When a plugin-free solution is available we will be sure to try to include it.
Admin
Louis Burkhardt
Thanks. Works great.
Mark
I created a site specific plugin and followed these steps and it worked for hiding my post on the “Posts” page of my site. However, the post is still visible on a Related Posts widget for each individual post. (Very similar to the image you have above, however my Password protected post is still visible.)
Is there anything I can do to fix this?
Alex
I wanted to make my own code adjustment to show the posts if you could read_private_posts.
function remove_password_protected_posts( $where = ” ) {
if (!is_single() && !current_user_can(‘read_private_posts’) && !is_admin() ) {
$where .= ” AND post_password = ””;
}
return $where;
}
add_filter( ‘posts_where’, ‘remove_password_protected_posts’ );
Great post as usual. Thanks.
Harin
Hi guys
I made a site specific plugin with the following code:
If I try to attach a nextgen gallery to my post, the gallery doesn’t load, as soon as I disable the plugin, the nextgen gallery goes back to normal.
Regards
Brandon
Thanks for this snippet. So helpful!
Regarding hiding these posts from the rss feed, I ran across this snippet.
function rss_filter_protected($query) {
if ($query->is_feed) {
add_filter('posts_where', 'rss_filter_password_where');
}
return $query;
}
add_filter('pre_get_posts','rss_filter_protected');
Chris
Thanks for that great tip!
But are these posts hidden from the loop with your code snippet also hidden from the RSS feed?
Louis Burkhardt
Based on a single test, the pw protected post is hidden from the RSS feed.