Feb 022014

How to password protect WordPress pages without a plugin tutorial will teach you how to password protect pages by adding some function to a custom template. It will then redirect the login user to the protected page.

Last Updated: July 11, 2016

Hint: Always work with a child theme. I am using Suffusion Child Theme

Latest News: I have made some changes to the code and edited some text.

I have tested this code with WordPress 3.8.1 and it works. It should also work with 4.3.1 and the latest version 4.4. For those who are using WPtouch Mobile Plugin 3.1.5 plugin it will cause an issue. If you are using WPtouch 3.8.1 it might work, have not tested it yet.

The reason for this tutorial is to implement the following features without using a plugin. Your WordPress website will always perform faster with less plugins. Another reason is because the password protection feature found in WordPress has limitations and it is not very secure in my humble opinion.

This tutorial best suite those who want to protect pages and redirect the login user to a page. You can also exclude the filter in the function and simply protect all the pages you want.

Credit is given to wordpress.org codex page for the following code.


Step 1 ) Before you begin with this tutorial make sure you have the following settings enabled in WordPress, anyone can register and set it to the minimum which is Subscriber. See image below:


Step 2 ) Add the following filter code into the functions.php file found in your theme folder. If not simply create one. The following filter will direct all non administrators to a password protected page and the administrator to the admin dashboard.

Important: I have moved the add filter outside the function

// Redirect admins to the dashboard and other users elsewhere

function my_login_redirect( $redirect_to, $request, $user ) {
// Is there a user?
if ( is_array( $user->roles ) ) {
// Is it an administrator?
if ( in_array( ‘administrator’, $user->roles ) )
return home_url( ‘/wp-admin/’ );
// return home_url();
return get_permalink( 83 );

add_filter( ‘login_redirect’, ‘my_login_redirect’, 10, 3 );

Remember to change the following ID ( 83 ) with the ID of the page you want all your users to be redirected too. If you want them redirected to the home page uncomment return home_url(); by removing the // slashes from the code above.

Please Note: You can use the code illustrated in the wordpress.org codex link above instead of the one added above in my example.

Step 3 ) Now we need to create a custom template and uploaded into our theme folder. You can choose which ever template you prefer. Copy and paste the content into the new custom template you are creating. (Remember to give this template a unique name). When you create a new page or if you already have a page you want to protect, simply choose the custom template you just create.

Credit is given to the following website for the following code


Add the following code to the top of the custom template you just created.

<?php if(is_user_logged_in()):?>

Add the following code to the very bottom of the custom template you just created.

Remember: If you are using a sub domain make sure you point to the correct path.

<?php else:
wp_die(‘Sorry, you must first <a href=”/wp-login.php”>log in</a> to view this page. You can <a href=”/wp-login.php?action=register”>register free here</a>.’);

Every time someone clicks on the protected page, they will be asked to login or register if they are not registered. They will then be redirected to the password protected page if they are not administrators as per the filter settings you added into your functions.php file above. See image below:

login screen password protect page

If you want more functionality and more control then I recommend the following plugins which I have tested on my test site and they work well. Each plugin works differently and has its own functionality and abilities.

I hope you enjoy this tutorial and it has helped you. I will be updating this tutorial from time to time.


Manuel Ballesta Ruiz is a web developer, Blogger and WordPress Enthusiast.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



The following GDPR rules must be read and accepted:
This form collects your name, email and content so that we can keep track of the comments placed on the website. For more info check our privacy policy where you will get more info on where, how and why we store your data.