Password Protected Pages Don’t Accept A Valid Password After Changing The Password

RESOLVED!

See that Sucuri plugin?

The DNS for my site points to a Sucuri server which does caching.

I logged into the Sucuri site and added an exclusion for the WordPress password protected page to the caching setup using the UI. Now the new password works and the page behaves as expected. No cache busting required.

The login page posts to a PHP file which hashes the entered password, stores it in a cookie and sets its expiration date to 10 days in the future so you can visit the password protected page for 10 days until you will be prompted for the password again. This is assuming that you are accessing the page from the same device and browser.