How To Protect Content In WordPress

Learn how to protect content on your WordPress posts and pages. This tutorial covers making posts and pages private and password-protecting content in WordPress.

How To Protect Your Content In WordPress

How To Protect Your Content In WordPressIn this tutorial, you will learn how to create private and password-protected posts and pages on your site using built-in content protection methods in WordPress and other ways to protect your content and download files using WordPress plugins.

Go through this tutorial to learn how to restrict content to certain users and/or make your content inaccessible to your WordPress site visitors.

We also recommend completing the following tutorial to learn more about adding, protecting, and managing downloadable files In WordPress: How To Add Downloadable Files In WordPress

How To Prevent General Site Visitors From Viewing Content On Your WordPress Posts And Pages

There are several ways to prevent site visitors and unauthorized users from accessing some or all of your site’s content.

Some of the more common reasons for protecting content on your posts and pages include:

  • To prevent users from accessing some of your content (e.g. restricting content on specific posts, pages, categories, etc.)
  • To provide information only after users have made a purchase on your site (e.g. downloadable info products).
  • To restrict certain types of information to specific groups of users (e.g. wholesale price lists and trade catalogs, confidential forms and business documents, updated members lists or databases, private company data, etc.)
  • To get users to register as members  or subscribers before allowing them to view or access your content (e.g. a newsletter, private membership site, etc.)
  • To offer discount coupons or “how-to” information that can only be unlocked or revealed to users with a special password, or after performing a specific action (e.g. social sharing your post with others).
  • And more.

Let’s go through some of the ways you can protect content on your WordPress site:

WordPress Content Protection Method #1: Deep-Nested Content

This method is more about ‘hiding’ your files inside a deep-nested post or page than actually protecting them from unauthorized users.

Essentially, it’s a useful method for sharing unprotected content or downloadable files where it wouldn’t really matter if some visitors were to occasionally come across it on your site.

For example, let’s say that your goal is to get visitors to subscribe to your newsletter but you don’t have any exclusive content to entice them to sign up–at least nothing that requires setting up some high-level form of protection. An example of this could be sending subscribers to a page with embedded YouTube videos, audio files, or a report or downloadable resource that is available online for free (e.g. from a Government department).

An example of content that doesn't need high-level protection.
This content doesn’t need high-level protection. Let’s just make it hard to find.

In this case, all you need to do is add your content somewhere on your site that’s not easily found.

Here are the steps you can take to do this:

  1. Add your content or downloadable file to an unprotected ‘thank-you’ page,
  2. Make your ‘thank-you’ page a sub-page (or sub-sub-page) of another page,
  3. Change the post slug/page URL to something meaningless (or something that will only make sense to you), and
  4. Hide the post from your navigation menus and site map.

Here are some examples of thank-you page URLs you could create to hide your unprotected content or download file:

  • http://yourdomain/coming-soon/dl/2020/asdfgh1256
An example of a deep-nested page with unprotected content.
Add your unprotected content to a deep-nested page.

Now, just set up your opt-in form and direct your new subscribers to your deep-nested and hard-to-find ‘thank-you’ page.

Newsletter opt-in form.
Use this method to get more subscribers without offering content that requires high-level protection.

Another example of using this method is if you make a presentation (e.g. at a business networking event) and want to make your presentation slides or notes available to event participants and get them to subscribe to your lead generation list so you can follow them up after your presentation. It wouldn’t really matter if someone who did not attend the event came across these slides or notes on your site.

An appropriate method in this instance would be to add your notes to a deep-nested page, hide it from your site’s navigation menus and sitemap, and share the URL with event attendees only.

WordPress Content Protection Method #2: Password-Protecting Posts And Pages

Let’s suppose now that, unlike the previous method, you do have content that needs to be protected from general access, but still doesn’t require investing time and money into setting up a high-level form of protection.

WordPress lets you easily create password-protected posts and pages so that only people with the correct password can view the content on a specific post or page.

To password-protect a post or page, do the following:

Log into your WordPress site, and find the post or page you want to password-protect.

WordPress Table of Posts
Bring up your Table of Posts or table of Pages and find the post or page you want to password-protect.

If you have already created the post or page, then you don’t need to open your file. Just click on the Quick Edit link below the post or page you want to password-protect.

Quick-Edit link
Click on the Quick Edit menu link.

This will expand the in-line editor.

Quick Editor
Quick Edit screen.

Enter a password into the ‘Password’ field.

Quick Edit - Password field.
Add your password in the Quick Edit screen.

Click Update when finished to save your changes.

Quick Edit - Update button.
Update your post settings.

Your post status will change to Password protected.

Your post is now password-protected.

To see how your password-protected post will look to your site visitors, hover over your post title and click on the View link.

Post entry - View link.
Click View to preview your post as your visitors will see it.

As you can see, the entire post is now password-protected. Only users with access to the password can unlock the post (or page) and view its content.

An example of a password-protected post.
This post is password-protected.

With a password-protected post or Page, WordPress will:

  • Add the word “Protected” before the title of your password-protected Post or Page, and
  • Display a form asking users to enter the password in order to access the content.

Additionally, WordPress does not display your post excerpt when the content is password-protected. This includes your blog page, widgets, RSS feed, and any other locations that use post excerpts.

RSS Feed widget with password-protected entry.
Excerpts do not show for password-protected posts.

You can also password-protect a post or page while you are working on the content by creating or editing the post or page and clicking on Publish > Visibility > Edit.

Publish box - Visibility: Public - Edit link.
Publish box – Visibility: Public – Edit link.

In the expanded Edit section, select ‘Password protected’, enter your password in the Password: field, and click OK.

Publish box - Password protected option
Add your password and click OK.

Click Update to save your changes.

Publish box - Update button.
Update your post settings.

Your post or page is now password-protected.

Password-protected post.
This post is password-protected.


Additional Information On Password-Protected Posts

  • Only an Administrator, Editor, or the post’s Author can change a post’s password or visibility setting. To access the “Visibility: Edit” link, go to your Posts or Pages screen, find the Post or Page you want to edit, and click on the Quick Edit link. (Tip: you can use this method if you ever forget the password of a Post or Page).
  • When password-protecting many Posts or Pages, WordPress will store your password in a browser cookie so your site visitors don’t have to re-enter passwords if they visit the same page a number of times. Also, if you add the same password to multiple Posts, the user will only have to enter the password once to access every post, except if two or more posts use different passwords.
  • Because WordPress only tracks one password at a time, if two or more posts use different passwords, users will have to re-enter the password if they visit a Post that requires a different password to access the content and then try to revisit the previous post.
  • You can change the password of your password-protected posts or pages as often as you need to. This is useful in situations where you don’t want people who have had previous access to the content to access the content again. For example, if you offer new discount coupons every week or if you plan to occasionally reward new subscribers with different products or downloads, etc.

WordPress Content Protection Method #3: Make Your Post Or Page Private

By default, when you make a post or page private, only logged-in users assigned the role of Administrator or Editor can view a private post or page on your site. When anyone else tries to access a post or page marked private, they will not be able to see it.

Example of a private page
Private pages do not display to site visitors.

To make a WordPress Post or Page private:

Log into your WordPress site, go to your Posts (or Pages) screen, find the Post (or Page) that you want to make private, hover over the post or page title, and click on the Quick Edit link.

Quick Edit link.
Click on the Quick Edit menu link.

This will expand the inline editor.

Quick Edit screen
The Quick Edit screen.

Tick the Private checkbox.

Quick Edit - Private checkbox.
Tick the Private checkbox.

Remember to click Update to save your changes.

Quick Edit - Update button
Update your post settings.

To make a post or page private when creating or editing a post or page, click on Publish > Visibility > Edit then select the Private option and click OK.

Publish box - Private option.
Select the Private option and click OK.

Remember to click Update to save your changes when finished.

Publish box - Update button.
Click Update to save your post settings.

Your Post (or Page) status will now display as Private and be added to the Post or Page menu. Only logged-in Administrators and Editors will be able to see it.

Private post.
Only logged-in Administrators and Editors can see your private post.

Additional Ways To Protect Your Content

Password-protecting a Post or Page using the WordPress password-protect feature offers some level of content protection, but it also has the following limitations:

1) All users share the same password

If you want each user to have his or her own password, then you will need to set up your site so that only registered users are allowed to view your content. This can be easily done using plugins that turn your WordPress site into a membership or eCommerce site (see below).

2) All content on the Post or Page is protected.

When you password-protect content on WordPress using the native WordPress function, everything on your Post or Page is protected. Many membership plugins will let you password-protect or restrict only sections of your content to logged-in or registered users, leaving the rest of the content on that post or page available to general users. This is useful if you want to display “teaser” content to entice visitors to subscribe or purchase access to the full content.

So, in addition to the built-in features that WordPress makes available for password-protecting your content and creating private posts and pages, you can also use methods that rely on using plugins to protect and restrict your content.

WordPress Content Protection Method #4: Use A Membership Plugin

One way to overcome the limitations of using WordPress’ default password-protection features is to use Membership plugins.

Membership site login page.
Use membership site plugins to create unique user password-protected logins.

Membership plugins:

  • Allow individual users to have their own separate login details, This eliminates the problem of having to change your password details and notifying every user of updated login details whenever there is a security or password breach (e.g. someone distributes your login details to unauthorized users).
  • Allow you to set membership levels, so different users can access, view, or download different content depending on their membership level.

To learn more about setting up membership sites in WordPress, see the tutorial below: How To Set Up A Membership Site In WordPress

WordPress Content Protection Method #5: Use A Partial Content Protection Plugin

There are plugins you can install on your WordPress site that let you provide ‘partial-content’ protection to users using shortcodes.

This allows you to make some or most of the content on a Page or Post visible to online users while protecting information that only users with special access can view or access.

Contact us if you need help protecting specific content on your site.

WordPress Content Protection Method #6: Use A Content Lock Plugin

Some content locking plugins combine partial content protection with social media sharing and list-building capabilities. This can help drive viral traffic to your WordPress site and add subscribers to your business.

You can partially protect content using plugins like Social Locker (a premium WordPress plugin) that will “unlock” your content when someone performs a social sharing action like clicking a Facebook “Like” button or sharing your page or video on Twitter, for example.

Social Locker - WordPress social sharing and content locking plugin.
Social Locker – WordPress social sharing and content locking plugin.

Social Locker allows you to offer something of value for free to your visitors (e.g. a valuable tip, special report, a discount voucher, etc …) on your site. Your special content is hidden or “locked away” in your post and can only be unlocked when your visitor performs a desired action to get the free content such as liking you on Facebook or posting a tweet about your site on Twitter. This action helps drive free traffic to your site … virally!

WordPress Content Protection Method #7: Use An e-Commerce Plugin Or Solution

If you use or plan to use WordPress for e-commerce, most plugins will have built-in content protection features as part of their solution or service.

eCommerce - Customer login screen.
WordPress eCommerce plugins offer many built-in content protection features.

To learn more about using WordPress with e-commerce, go here: WordPress e-Commerce

Protecting Your Content From Being Copied Or Stolen


It’s practically impossible to prevent people from stealing content that is visible on your site (e.g. text and images). The web was designed to share content online. The plugins presented below will simply prevent those who really can’t be bothered to dig deeper into the source code of your pages.

In addition to locking and hiding content, there are also plugins that try to prevent other people from copying/stealing your content.

For example, a Free WordPress plugin like WP Content Copy Protection prevents people from selecting and copying text on your site or right-clicking on your images and saving them to their own hard drives by disabling the right-clicking and text selection function on your site.

WP Content Copy Protection Pro - WordPress plugin.
WP Content Copy Protection Pro – WordPress plugin.

Protecting Your Images

If you are worried about people stealing your images, there are a few options you can look at implementing.

One option is to add a watermark to your images using a Free WordPress plugin like Image Watermark.

Image Watermark - WordPress plugin.
Image Watermark – WordPress plugin.

This plugin lets you add a watermark letting people know who the original owner or creator of the image is and tracing the image back to the originating domain.

Example of a Watermarked image.
A Watermarked image can help protect your images from being stolen.

Another preventative measure you can take to stop people clicking on your images and saving them to their computer is to use a plugin like No Right Click Images.

No Right Click Images Plugin.
No Right Click Images Plugin.

This plugin disables the context menu on images only allowing other right-click actions, such as links, to work normally on your site.

For additional information on ways to prevent content theft on your WordPress site, see this tutorial: How To Prevent Content Theft In WordPress

Content Protection – Additional Tips And Information

Tip #1 – If, for whatever reason, you find yourself changing the visibility settings of most of your Posts or Pages to “private”, then install and activate the Private Post By Default WordPress Plugin.

This plugin automatically sets all the Posts and Pages you create to “private” by default. All you have to do is change the visibility settings of any Posts or Pages that you want to make visible on your site back to “Public”.

Tip #2 – As explained earlier in this tutorial, private posts are only visible by default to users on your site that have been assigned the role of Administrators or Editors.

But…what if you want to allow users who are not Administrators or Editors to view private Posts or Pages on your site?

For example, let’s say that you run a business consultancy firm and you want your consultants to be able to distribute reports privately to clients through your site, or your children’s school wants to post class assignments privately to students online through their school blog.

One option would be to make everyone who needs to have access to private Posts or Pages on your site into an “Editor”. This is not a very good option, however, as they would then be able to modify your content.

Fortunately, there is an excellent free WordPress plugin called User Role Editor that lets you change the capabilities of any standard WordPress user role (to learn more about user roles, see this tutorial: How To Manage WordPress Users).

User Role Editor - WordPress plugin.
User Role Editor – WordPress plugin.

This plugin lets you assign the same capabilities for reading private posts and pages that ‘Editors’ have to users in roles with fewer permissions (e.g. ‘Subscriber’).

User Role Editor plugin screen.
User Role Editor plugin screen.

With this plugin installed, you can also give users like ‘Subscribers’ and ‘Contributors’  access to private posts and pages on your site without allowing them to modify their content.

In addition to the above methods, there are other options for protecting content on your site, but these options typically involve editing code on your site or server and are beyond the scope of these tutorials.

Learn how to protect your content in WordPress.
Learn how to protect your content in WordPress.

Congratulations! Now you know how to protect content on your WordPress site.


"I love the way your email series "Infinite Web Content Creation Training Series" is documented and presented. It is very absorbing and captivating. The links and tutorials are interesting and educational. This has motivated me to rewrite my content following the concepts I am learning from the email series." - Mani Raju,


We are not affiliated, associated, sponsored, or endorsed by WordPress or its parent company Automattic. This site contains affiliate links to products. We may receive a commission for purchases made through these links.