Passster – Password Protection


Protect your entire website, only single pages or posts or just areas of content within it.
Passster brings a lot of flexibility in creating password-protected areas on your website.

Area protection

Create protected areas that can be added with a simple shortcode.
The shortcode will be fully generated for you based on your configuration of your area.

Page protection

Protect entire pages with the same settings you already know from the area protection, but without even using a shortcode.
It blocks the entire page while keeping your layout intact instead of showing an ugly protection layout.

Global Protection

On each page, you can select to activate the global protection. Each visitor without the required password will be redirected to the page
as long as they are not authenticated. The Cookie option from Passster->Options is required for this.


All three protection modes supporting all well-known page builders.
Currently successfully tested are:

  • WPBakery Pagebuilder
  • Elementor / Elementor Pro
  • Beaver Builder
  • Divi Builder
  • Oxygen Builder
  • Gutenberg

To avoid any layout shifts or rendering problems, it’s highly recommended to activate the “Reload after successful validation” option in Passster->Options->Compatibility Mode.



  • restrict areas and add them via shortcode
  • restrict pages
  • restrict your entire website
  • use a single password or a captcha for protection
  • AJAX for unlocking with caching and without a reload
  • change the global styles and texts in the WordPress Customizer
  • Use cookies to save encrypted passwords for longer access


Additionally to all free features, the pro version includes:

  • use multiple passwords
  • use large passwords lists with password expiration by usage and date
  • use Google ReCaptcha (v2 and v3) for protection
  • expire passwords from a list after one-time usage, after several usages, or by time (hours, days, weeks, months)
  • modify headline, description, placeholder, buttons per shortcode
  • modify headline, description, placeholder, buttons per page
  • auto-unlock content per user and user role
  • unlock content with encrypted links and use Bitly to shorten the entire URL (optional)

Paired with exceptional support directly from the developer, timely updates and feature integrations, and extensive documentation you can’t go wrong with Passster Pro.
Get it now on


I regularly optimize the documentation and release extensive tutorials on how to use Passster in a multitude of use-cases.

Learn more on


The free support is exclusively limited to the support forum.

Any kind of email priority support, customization, and integration help need a valid premium license.


The plugin is coded with modern PHP and WordPress standards in mind. It’s fully OOP coded. It’s highly extendable for developers through several actions and filter hooks.

Passster keeps your website performance in mind. Every script is loaded conditionally and all input and output data is secured.


All major texts and information can be modified from the admin area of Passster.

The plugin is fully translatable in your language. At the moment there are only en_EN and de_DE, but you can easily add your preferred language as a .po/.mo.

It’s also fully compatible with WPML and Polylang.


  • Passster Password Form
  • Passster Areas
  • Passster Settings
  • Passster Customizer Options


Passster is simple to install:

  1. Download the .zip’
  2. Unzip
  3. Upload the directory to your ‘/wp-content/plugins’ directory
  4. Go to the plugin management page and enable the Passster Plugin
  5. Browse to Settings > Passster
  6. Customise your settings and your good to go!


Sermawêz 30, 2021
I had some trouble using PPWP-plugin and was looking for alternative. Found Passster by coincidence and give it a chance ... all my needs were satisfied. I'm pretty happy with Passster and think of using it in other related situations when needed.
Sermawêz 9, 2021
Was great, but now it seems you need the right password AND some luck to unlock the content. Otherwise you sometimes get a "security check failed" error.
Nîsan 29, 2021
This content-protection plugin is the best I know using with elementor. With PPWP-plugin some errors occured which I couldn't fix (also not with support). With Passster everything worked well and the support was more than fast (under 24 hours for replies). Great job!
Nîsan 7, 2021
I use Passster for several websites and usecases, but especially in combination with woocommerce I really like this plugin. It's protecting woocommerce in any needed way, for product pages, main shop pages and category pages. These options are also helpful when you want to create and sell special membership products. The support is great too, help comes for you within 48 hours!
Adar 31, 2021
Because I'm a WP-newbie I had some trouble installing this plugin, but the support was great and I got my questions answered within 24 hours. After everything was installed correctly using this plugin was much easier 😉 I use it mainly to create password-protected direct access links and it works great. P.S. This is also my first plugin-review here at and I hope I did everything right ... Greetings from Trentino-Alto Adige 😉
Adar 7, 2021
Hi, I am really enjoying your plugin, this is exactly what I have been looking for. My only other option to password protect specific pages on my site was a $500 plugin. Your free version is exemplary and I can not wait to see what the paid version offers. My only question is, is there a way that I can edit the page where the password is entered? I would like to personalize that page more, add a message for my members etc. Is this possible and if so how can I do it?
Read all 48 reviews

Contributors & Developers

“Passster – Password Protection” is open source software. The following people have contributed to this plugin.


“Passster – Password Protection” has been translated into 3 locales. Thank you to the translators for their contributions.

Translate “Passster – Password Protection” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • fixed notice for checking areas
  • updated dependencies
  • fixed security issue in is_valid()
  • fixed validation with reload option


  • security patch
  • better error handling with fade and clear input
  • better area restriction
  • better performance for password checkups
  • removed rych hash dependency
  • improved WooCommerce product restriction
  • Gutenberg Support for areas
  • fixed notice for bitly check
  • fixed notice for recaptcha validation


  • fix for shortcode validation capabilities
  • improved validation for global protection


  • bugfix for link protection
  • pagebuilder editing support for areas
  • fixed show password function
  • is_valid() for areas
  • dynamic {post-id} parameter for shortcodes in AJAX
  • hide parameter for areas
  • check form values before AJAX submit (required attributes for example)


  • introduced protected areas
  • shortcode configurator in areas
  • bugfix: spaces in password lists
  • PHP 8 support improvements
  • removed auto-updater for options
  • automatically add metaboxes to all registered (public) post types
  • removed wp_auto_p() for Oxygen Builder support
  • removed deprecated Pagebuilder modules (handled with areas now)
  • min value for Cookie set to 1 and no negativ values possible
  • improved widget support with areas
  • performance optimization for large password lists


  • lighter freemius integration
  • admin UI improvements
  • direct links for documentation and support in admin header


  • added expire by usage and time for password lists (pro only)
  • added global password protection
  • base64 encryption for cookies
  • bugfix for bitly URL toggle (pro only)
  • improved uninstall with latest options
  • auto activate reload option if pagebuilder is activated


  • added support to unlock widgets via ajax
  • added support to unlock acf fields via ajax
  • added shortcode params to page protection (pro only)
  • added user restriction to page protection (pro only)
  • fixed one-time usage for password lists without ajax (pro only)
  • added option to redirect to source URL after link unlock (pro only)


  • latest freemius SDK
  • fixed ID parameter for multiple forms per page
  • custom headline, ID parameter for Recaptcha v2/v3
  • better enqueue for ReCaptcha v2


  • removed old cache busting prevent 404 errors for files
  • wp_enqueue_script for ReCaptcha preventing cache issues
  • introduced ajax loader to indicate verification
  • fixed metabox showing wrong selected password list
  • improved admin wording for more clarification
  • updated german translation files


  • WordPress 5.5 compatibility
  • Elementor with Ajax mode compatibility
  • added WPML config file
  • update german translation
  • prevent fatal error if ps_run_plugin() is already declared
  • number field instead of text for cookie duration
  • ReCaptcha without async defer (handled via Caching plugins)
  • fixed PHP notice for bitly integration


  • cache-busting for no-ajax mode and cookies
  • fixed double docs link
  • support option for third-party-shortcodes with pre-render
  • removed auto-space from password lists
  • new link encryption solution with metabox and bitly
  • hide parameter for WPBakery integration
  • updated and fixed german translation


  • performance improvements for password lists
  • support for Google ReCaptcha v2 with selection
  • more efficient ajax handling for different unlock methods.
  • auto-update cookie settings if no ajax mode is used.

  • more robust regex for various shortcode implementations
  • added action to track unlocks with Google Analytics and other tracking solutions


  • fixed additional params to overwrite texts in the shortcode
  • fixed empty content while using additional parameters
  • added tablepress support for ajax
  • implemented old recaptcha parameters for backwards compatibility


  • better compatibility mode with cache busting
  • better ReCaptcha integration with ajax and with cookies
  • compatibility: full page protection with divi builder
  • more reliable way to get valid response via ajax
  • mobile-friendly cache-busting after authentication


  • added compatibility mode for forcing reload
  • compatibility fix Elementor full page protection
  • compatibility fix WpBakery Pagebuilder full page protection
  • re-added error message in Customizer
  • improved german translation

  • fixed captcha loading while not in use

  • fixed wrong redirection after activation
  • fixed wrong object call for elementor users.


  • fixed captcha loading while not in use
  • fixed wrong redirection after activation
  • fixed wrong object call for elementor users.


  • major release
  • new admin UI and simplfied settings
  • password protection for pages, posts and products
  • new captcha solution with canvas objects
  • new Google ReCaptcha v3 integration
  • removed requirements for PHP sessions for better compatibility
  • removed old Google API vendor for better compatibility
  • refactored the entire shortcode and submit solution
  • ajax-based submit and validation – no page reload required anymore
  • fixed cookie solution for captcha, ReCaptcha
  • easier template function is_valid() for complete checks of all parameters
  • fixed shortcode parameters for headline and id
  • better uninstall cleanup
  • intrated metabox for setting Passster settings for complete pages

  • cookie for passwords conditional function fixed
  • introduced API parameter to elementor and beaver builder
  • fixed notice if api not available in helper methods


  • WPBakery Page Builder row protection with correct default values
  • new helper class for cookies
  • api parameter possibility to add external apis


  • Another VC protection row fix..
  • compatibility WPBakery 6.0.5


  • VC row protection fix
  • new partly parameter
  • cookie set fix and conditional function to check for
  • new type hint solution (better jQuery compatibility)
  • is_cookie_valid check for all password related protection types
  • admin css fixes with prefix


  • Password Lists fix for all page builder
  • prevent autoload error if free and premium version installed
  • customizer as default values for page builder options
  • placeholder now configurable in the customizer


  • fixed captcha notice
  • fixed rows shortcode for WPBakery Pagebuilder
  • more efficient notice handling in admin area


  • adding the “hide” parameter to hide forms if set and multiple forms used
  • compatibility AAM plugin fix for multiple user roles
  • captcha is now a free addon – lower php version needed for basic password usage
  • check_atts method now working correctly
  • WPBakery Pagebuilder addon fix (free)
  • WPBakery Pagebuilder addon protect rows (only pro)
  • add message for captcha usage
  • new (and working) solution for show passwords before submitting

  • new AMP support with cookies
  • Fixed delete error notice for passster_lists function not exists
  • introduced new helper function for AMP set_amp_headers()
  • drop db table for sessions if full uninstall option set
  • customizer option to show password while typing

  • fixed amp notice
  • fixed backend_admin_notice error
  • fixed customizer for themify ultra theme

  • PS_List collision fix

  • autoload backupwp collision fix

  • SVN fix for missing files
  • cookies for conditional functions

  • pagebuilder path fix
  • admin amp option fix


  • security patch freemius
  • add cookie option for multiple passwords
  • add pagebuilder addons in free version
  • fix php notices for php 7 support
  • remove OptionsHandler class for support older php versions
  • add password lists (admin + shortcode)
  • update translation files
  • added AMP support for all protection types
  • improve default values after Installation

  • Fix PHP 5.6 upgrader problems
  • Moved autoloader up so database upgrade is handeled correctly


  • PHP 5.6 compatibility
  • function naming fixes
  • optimize session handler class


  • introduce conditional functions for template usage
  • completely remove the autofocus
  • fixes save settings for user_toggle option
  • updates the session handling for captcha to PHP 7.2 compatibility
  • prevents autofill for safari, chrome and webkit supported browsers


  • includes fixes for beaver builder module support


  • Support Release
  • Fixed multiple passwords runtime
  • add customizer notice on Installation
  • improved german translation
  • add an seprate atts function for more readable code
  • add new users addon


  • Support Release
  • Add auth parameter for multiple shortcodes per page
  • Fixed for error messages
  • Fixed wp_enqueue_styles for windows servers
  • Fixed php notice for captcha options


  • Support Release
  • fixed problems with WP Sessions table and Database Handler
  • fixed License Activation
  • Add option for autofocus
  • fixed helper for addon activation


  • Support Release
  • Major improvements for captcha
  • set width and height for captcha
  • integrate wp-sessions-manager for session handling via database
  • adding page builder support for elementor, WPBakery Pagebuilder and beaver builder (pro only)
  • fix one pager bug with passster forms


  • Support Release
  • Add placeholder and button label per shortcode
  • Fix option set issues for captcha
  • get rid of HTTP API and all external calls and replace with object cache


  • Support Release
  • Fixing PHP notice for addons
  • replace_file_get_contents() with WP HTTP API


  • new admin ui
  • captcha is back!
  • cache-compatible cookie solution
  • design modifications via customizer
  • cross-browser-compatible forms
  • shortcode generator
  • password generation with newset bcrypt standards
  • password generator
  • fix several bugs like instructions text, translations, php errors


  • under new development
  • compatibilty with WordPress 4.9+
  • clean up and restructure whole plugin
  • remove deprecated solutions for ajax and captcha
  • removed date based selection of cookie expires


  • Setting “Password Field Placeholder” now accessible through “Settings -> Passster -> Password/CAPTCHA Field”


  • Form and CAPTCHA instructions moved to outside the form.
  • content_protector_unlocked_content filter bug in AJAX mode fixed.
  • CSS for div.content-protector-form-instructions fixed.
  • New Setting “CAPTCHA Case Insensitive” – to allow users to enter CAPTCHAs w/o case-sensitivity.
  • New action content_protector_ajax_support – for loading any extra files needed to support your protected content in AJAX mode.

  • Fixed bug crashing content_protector_unlocked_content filter.
  • Full AJAX support for [caption] built-in shortcode.


  • Full AJAX support for [embed], [audio], and [video] built-in shortcodes.
  • Added full support for [playlist] and [gallery] built-in shortcodes.
  • Fixed Encrypted Passwords Storage setting message bug.
  • content_protector_content filter now called content_protector_unlocked_content.
  • content_protector_unlocked_content filter can now be customized from the Settings -> General tab.
  • the_content filter now applied to form and CAPTCHA instructions.


  • Partial AJAX support for [embed], [audio], and [video] built-in shortcodes. (experimental)
  • Fixed AJAX error from code refactoring


  • Displaying Form CSS on unlocked content is now a user option (on the Form CSS tab).
  • When saving settings, the Settings page will now remember which tab you were on and load it automatically,
  • Fixed potential cookie expiry bug for sessions meant to last until the browser closes (expiry time set explicitly to ‘0’).
  • Improved error checking for conflicting settings.
  • Some code refactoring.


  • Fixed output buffering bug for access form introduced in 2.6.1.


  • Fixed AJAX security nonce bugs.


  • jQuery UI theme updated to 1.11.4

  • New setting to manage encrypted passwords transient storage.
  • New settings for Password/CAPTCHA Fields character lengths.
  • Improved option initialization and cleanup routines.
  • content-protector-ajax.js now loads in the footer.
  • WPML/Polylang compatibility (beta).
  • New partial translation into Serbian (Latin); thanks to Andrijana Nikolic from WebHostingGeeks (Novi parcijalni prevod na Srpski ( latinski ); Hvala Andrijana Nikolic iz WebHostingGeeks)


  • Skipped


  • Skipped


  • Settings admin page now limited to users with manage_options permission (i.e., admin users only).
  • Fixed bug where when using AJAX and CAPTCHA together, CAPTCHA image didn’t reload on incorrect password.
  • New settings: use either a text or password field for entering passwords/CAPTCHAs, and set placeholder text for those fields.
  • Added autocomplete="off" to the access form.
  • Streamlined i18n for date/time pickers (Use values available in WordPress settings and $wp_locale when available, combined *-i18n.js files into one).


  • Fixed AJAX bug where shortcode couldn’t be found if already enclosed in another shortcode.
  • Clarified error message if AJAX method cannot find shortcode.
  • Changed calls from die() to wp_die().


  • Removed content-protector-admin-tinymce.js (No need anymore; required JS variables now hooked directly into editor). Fixes incompatibility with OptimizePress.


  • Added custom filter content_protector_content to emulate apply_filter( 'the_content', ... ) functionality for form and CAPTCHA instructions.


  • Rich text editors for form and CAPTCHA instructions.
  • NEW Template/Conditional Tag: content_protector_is_logged_in() (See Usage for details).
  • Performance improvements via Transients API.


  • New CAPTCHA feature! Check out the CAPTCHA tab on Settings -> Content Protector for details.
  • Improved i18n.
  • Various minor bug fixes.


  • Dashicons support for WP 3.8 + added. Support for old-style icons in Admin/TinyMCE is deprecated.
  • Unified dashicons among all of my plugins.


  • Added “Display Success Message” option.


  • Added “Shared Authorization” feature.
  • Renamed “Password Settings” to “General Settings”.


  • Added support for Contact Form 7 when using AJAX.


  • Fixed label repetition on “Cookie expires after” drop-down menu.


  • Various CSS settings now controllable from the admin panel.
  • Palettes on Settings color controls are now loaded from colors read from the active Theme’s stylesheet. This
    should help in choosing colors that fit in with the active Theme.
  • Spinner image now preloaded.
  • Some language strings changed.


  • AJAX loading message now customizable.


  • Added required images for jQuery UI theme.
  • Fixed some i18n strings.


  • Initial release.