Easy Guide to Hide Password Protected Posts From WordPress Loop

In this tutorial, we will learn how to hide password protected posts from the WordPress loop.

Why Hide Password Protected Posts in WordPress?

By default, WordPress displays the password protected post with its title and a ‘protected’ prefix. Users will need to enter the password to view the content of the post.

Password protected posts displayed on homepage and in widgets

This post title is visible on the homepage, archives, recent posts widget, etc. If you want to keep some content completely private, then this is not a ideal.

Not only users who don’t have password can see the post title, they can also try to enter passwords. As we all know, passwords can be cracked.

Having said that, let’s take a look at how to hide your password protected posts from WordPress loop so that other users cannot see them.

Hiding Password Protected Posts in WordPress

Simply add this code to your theme’s functions.php file or a site-specific plugin.

function wpb_password_post_filter( $where = '' ) {
    if (!is_single() && !is_admin()) {
        $where .= " AND post_password = ''";
    }
    return $where;
}
add_filter( 'posts_where', 'wpb_password_post_filter' );

This code simply modifies the query sent to the WordPress by using the posts_where filter. It asks WordPress to fetch all posts that do not have a password.

Visit your website and you will see that password protected posts are no longer visible on homepage, archives, or in widgets like recent posts.

Before and after hiding protected posts in WordPress

You can still visit the post by accessing it through a direct URL to the post itself.

The example above, hides password protected posts from all users. What if you ran a multi-author WordPress site and wanted protected-posts to be viewable by users with the capability to edit private posts?

Simply modify the above code with another conditional tag, like this:

function wpb_password_post_filter( $where = '' ) {
   if (!is_single() && !current_user_can('edit_private_posts') && !is_admin()) {
        $where .= " AND post_password = ''";
    }
    return $where;
}
add_filter( 'posts_where', 'wpb_password_post_filter' );

In this example, we check if a user cannot edit the password protected posts, then only show the posts that don’t have password. Doing so all users with user roles of administrator and editor will see the password protected posts on the front end of your site.

We hope this tutorial helped you hide password protected posts from WordPress loop on your site.

Leave a Reply