Securing WordPress Content with Passwords

Securing WordPress Content with Passwords


[SLURP]
Hello and welcome to Southwest Cyberport’s WP Coffee Break,
WordPress answers in the time it takes to have a cup of
coffee. Today we’re going to learn how to password
protect content on your WordPress site. There are many reasons you
might want to do this, and we will just look at a couple of them
today. If you have a situation we didn’t cover here, just ask in
the comments and we may do a followup video. So what information might you want to protect
on your WordPress site? The two most common answers are Private
documents, and digital files you want to sell. Today we’ll focus
on private documents. This might be a directory of members of your
club or organization, business plans, or even a family newsletter. From the WordPress perspective, this information
breaks down into two types: information presented in a page
or post, and files that are uploaded. Usually your information will
be a combination of both of these types. They each have to be
addressed within your site. We’ll start with pages and posts. WordPress makes it very easy to password protect
a page or post. We’ll add a page for Club Newsletters. The
process is the same as adding any page in WordPress. The only thing
we do differently is click the Visibility setting over here on
the sidebar. Click the Edit link to get options. You can either add
a password or select Private. If it’s Private, then the page will
only be visible to you, while logged in to the site, not to any
other site users. While that makes your data perfectly safe,
it’s also perfectly useless! What we want to do is set a password
on this page. Now anybody who wants to access it will need to
know this password. Any time you add access restrictions to your
site, you need to test it. It can be a little tricky because once
you have accessed the page, you don’t have to give the password
when you visit it a second time. That makes it hard to tell sometimes
if things are working like they should, or if you have accidentally
removed the password protection for a page. One good way to handle this is with what Chrome
calls an Incognito Window. This is a new browser window which
doesn’t have any of the cookies, history, or passwords that would
be available to your normal browser windows. Safari and Firefox
call these Private browsing windows, and they are the same thing.
They let you very conveniently visit the site as though you
were a member of the public. After you test you can close that
incognito window and open another when you want to test again.
Each time you open a new one, it will have no knowledge of the other
sessions. I’ll visit the site in my incognito window,
visit the Club Newsletters page, which I’ve added to the site menu, and
it wants me to enter the password. If I enter the wrong one, it
won’t let me in. When I finally enter the correct password, I get
to see the page. This next point is subtle but very important.
We have password-protected this page, so you need to know the password
to see this information. However, the PDFs we have linked here are
in the WordPress media library on our site. Anybody who has the URL
which links to one of these PDF files can download them, without
going through this protected Page. WordPress is organized this way for good reason.
Allowing direct access to the files in the media library is
many times faster than if WordPress had to play gatekeeper for every
image file needed to construct a page view. However, it has this
side effect, this trap that a lot of people fall into, where it seems
like you have password-protected some information, but later
you find that your private files have been indexed by Google
because they got exposed in some way. What we need is a way to store these private
uploads in a separate area, not in the usual Media Library, where
they can’t be accessed by just anyone who knows the URL. And then
we need a gatekeeper to allow access to those files only under
the right conditions. There are several plugins available to solve
this problem. We’re going show how to do it with one particular
plugin, called Download Monitor. This plugin is free, has good ratings,
and has some paid add-ons available if you need more advanced
features. After we install and activate the plugin,
there is a new “Downloads” item on the dashboard sidebar. When we click
it, we see there is a link we need to Follow to do some first-time
setup. Here you create some pages that Download Monitor needs.
If you don’t plan on selling digital files you don’t need to
create the cart and checkout page, but everybody should create
the “No Access” page. Before we add downloads, I’m going to tweak
the “permalinks” setting on my site. I’ve found that settings which
include “index.php” in the URL don’t work well with certain types
of plugins (like Download Monitor), so I will set mine to “post name”.
If you already have permalink set to something you like, just
try it and see if it works OK. Now, to get started, we’ll add a download.
To be honest I found this page a little bit confusing since it
looks so much like the screen for editing WordPress Posts. In most
cases, you can ignore a lot of what is here. We just need to work
on three things here: The Title, uploading the file, and setting
the visibility. Start by giving it a descriptive title (so
that you can find it easily later), then click the “Add File” button.
One note here, the “browse for file” button browses your
WordPress directory on the server, not your computer. That could
be useful in some cases, but usually you just want to click “Upload
File”, which takes you to the media library. Click “Upload Files”,
select a file from your computer, and then hit “Insert the URL”. Next we’ll change the “visibility” setting,
which defaults to “Public”. Click the Edit link to get options.
This is just like the visibility setting for a page, which we
saw earlier. We’ll set a password here and now anybody who wants
to download this file will need to know the password. Now hit Publish, and we are done adding this
download. While I add a couple more downloads here,
I should just mention that while it looks like we’re uploading files
into the Media Library, the Download Monitor plugin is actually
redirecting these uploads into a separate directory. That directory
is not available from the web, so somebody who knows the link
can’t get to it without going through the Download Monitor plugin
and entering the password. Now we have the file on the site, and it’s
protected by a password. The next step is to add a link to the file
on a WordPress page. Earlier we added a page for Club Newsletters.
Let’s go back to that page, and add links to a few PDFs that
we have uploaded. This plugin has integrations with both the
new Gutenberg block editor and the Classic editor. The method
looks different for each of them so I’m going to show how to add download
links with each one in turn. First we’ll use the classic editor. We place the cursor where we want the next
link to go, then click the “Insert Download” button above the editor
controls. It shows us a list of the files we have uploaded, we
select the one we want, then click Insert Shortcode. When this page
is displayed to the user, the shortcode, this text inside square
brackets, will be replaced with a link to the download file. Now I’m going to click Publish to save these
changes, then go back to the list of Pages, and edit this same page
again, but this time with the new block editor. First I’ll enter the text I want to precede
the link. When I press enter, it starts a new block. Now I scroll
through the list of block types, and find The one for inserting
a download. Instead of inserting the shortcode text, it adds a
download button, but it says we need to select a download. Remember
that in the block editor, the right-hand sidebar always has
controls for the block you have selected. If we look over there now,
we see this pull-down menu and can select the file we want to attach
to this button. Click update to save our changes, then we
can view this page and see how it looks. We’ve added the Club Newsletters page to the
menu so we can get to it easily. I have to enter the password to
view the page. Then when I click any of these PDF links, I have
to enter the password for that PDF. I used a different password
for this Page and for the download files. If you were to use the
same password for both, you would only have to enter it one time.
Any further files which have the same password will be served up without
having to enter it again. It’s up you which approach makes
the most sense for your site. Here’s a little shortcut that can save you
some time if you have a lot of downloads. You can have the plugin
generate the list of downloads for you so you don’t have to add
them to a page one-by-one. Let’s go back to our Club Newsletters page.
We’ll delete these links that we added before and replace them
all with one shortcode, called ‘[downloads]’ (note the “s” on downloads).
Now save this and view the page, and we see the plugin has
taken care of listing them out for us. You can add things to the
[downloads] short-code to control things like which files to include,
how to order them, etc. Check the documentation on the Download
Monitor web site for those details. I hope this basic introduction to protecting
private data on a WordPress site has been helpful. There are
a few related topics we didn’t cover here. For example, you can
use the “member” checkbox to make a download available to anybody who
has logged in to the site. There is also ecommerce support, so
you can tie a download to a Paypal payment button, and there are
several paid extensions available to give you more functionality like
requiring the user to fill out a form before downloading
a file. This has been a WP Coffee Break from Southwest
Cyberport, a cutting-edge WordPress hosting provider in
the heart of the American Southwest. If you need fast, secure and friendly WordPress
hosting, head over to swcp.com/coffee to check us out. If you have any questions or suggestions for
future video topics, leave a message in the comments. Thanks for
watching, and don’t forget to like and subscribe!

About the author

Leave a Reply

Your email address will not be published. Required fields are marked *