Add error message on password protected pages

Here’s a combination of these two great answers (21697 & 71284) to similar questions.

wpse241424_check_post_pass() runs early on the wp hook on single password protected pages. If an invalid password is entered, the INVALID_POST_PASS constant is set for use later in the form, and the password entry error cookie is removed to prevent the error message from being visible each time.

wpse241424_post_password_message() is run right before rendering the password form. It checks for the INVALID_POST_PASS constant that it set earlier when an invalid password is encountered, and adds the error message to the form.

function wpse241424_check_post_pass() {

    if ( ! is_single() || ! post_password_required() ) {
        return;
    }

    if ( isset( $_COOKIE['wp-postpass_' . COOKIEHASH ] ) ) {
        define( 'INVALID_POST_PASS', true );

        // Tell the browser to remove the cookie so the message doesn't show up every time
        setcookie( 'wp-postpass_' . COOKIEHASH, NULL, -1, COOKIEPATH );
    }
}
add_action( 'wp', 'wpse241424_check_post_pass' );


/**
 * Add a message to the password form if an invalid password has been entered.
 *
 * @wp-hook the_password_form
 * @param   string $form
 * @return  string
 */
function wpse241424_post_password_message( $form ) {
    if ( ! defined( 'INVALID_POST_PASS' ) ) {
        return $form;
    }

    // Translate and escape.
    $msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' );

    // We have a cookie, but it doesn’t match the password.
    $msg = "<p class="custom-password-message">$msg</p>";

    return $msg . $form;
}
add_filter( 'the_password_form', 'wpse241424_post_password_message' );

Related Posts:

  1. How to change user password with wp-cli?
  2. Loosen/disable password policy
  3. Password Protect Custom Page
  4. Password protecting a page
  5. How to save Admin FTP password
  6. How can I change the default wordpress password hashing system to something custom?
  7. If I change the salt keys in my wp-config will all passwords break?
  8. Conditional to test if post has password protection enabled
  9. How to add Wp_error using lostpassword_post hook when validating custom field?
  10. Create a USERNAME and PASSWORD protected WordPress page
  11. Duplicate hash method for password in .NET
  12. Hide password protected posts
  13. Access code/password only restricts page access, no user registration..?
  14. PasswordHash not found in namespace
  15. Force all users in MU to change their passwords
  16. Reseting admin password through PHPMyadmin fails
  17. Check Password Reset Key Not Woking
  18. Reset password – set minimum length for new password
  19. How to shorten length of auto generated password sent during registration?
  20. wp_hash_password unexpected behaviour
  21. Redirect a password protected page?
  22. Lost password link is redirecting to /shop/my-account/lost-password/
  23. Change default recovery link expiration time
  24. Set content type to HTML for lost password email only
  25. Password protecting template, secured content not showing if even password is right
  26. Make post password required to publish
  27. Password reset bug? – “Sorry, that key does not appear to be valid”
  28. How to set minimum length and error message for password recovery?
  29. Why is resetting the WordPress Users password not working?
  30. Get plain password on register
  31. How Authentication in wordpress works? wp_authenticate_username_password()
  32. Password Protected page not asking for a password
  33. I would like to password protect my entire WordPress site (ip validated), except for one page
  34. Password protection for page template
  35. Custom login form for front-end user as well as admin
  36. how to remotely check a username / password from within a plugin
  37. Password changed [duplicate]
  38. Enable Update button only when password is shown strong
  39. How to get user password before being encrypted outside the wordpress core once add a new user from dashboard?
  40. wp_hash_password create a different hash everytime
  41. How to change password
  42. Generating the password reset link automatically
  43. Password protect pages – allow more than one password
  44. password recovery key is invalid on custom reset
  45. Like to store multiple passwords in db table wp_posts field post_password?
  46. Password Protected Post is invisible until you login
  47. Custom form for password protected page
  48. How secure is a wp-config file?
  49. How to check user’s password?
  50. How to Remove or Deactivate “Application Passwords” in WordPress
  51. What’s the algorithm to verify user password?
  52. Customize retrieve password message
  53. How to recover password from a user
  54. resend user login & password with custom button
  55. WordPress admin creation through phpmyadmin not working
  56. Why does hashing a password result in different hashes, each time?
  57. How to initiate password reset flow by code
  58. Change password fields
  59. lostpassword_redirect filter is not used
  60. How to read third party cookie to access password protected pages
  61. Password-protected page redirecting to frontpage when I enter the password
  62. How would I create a Password Protected Page with Content on it?
  63. wordpress custom password change problem
  64. Allow all reset password links within the past 24 hours to be valid and accepted
  65. WooCommerce Lost Password reset goes to 404
  66. Set id and password for each post
  67. I have to reset the admin password each time
  68. I need help with wp_lostpassword, wp_register and wp_login_form
  69. Create Member who can’t be changed
  70. Automatically change the page password for more than one page
  71. Sending Reset Password email via Web API
  72. $expiration_duration = apply_filters( ‘password_reset_expiration’, DAY_IN_SECONDS );
  73. Frontend custom forgot password page
  74. Cannot get function.php code to work to remove Lost Password link on live site
  75. Entering a WP site with a SMS code
  76. Problem with login / reset password links in users emails
  77. Password Protect content() on homepage
  78. Function called by password_reset action passed only 1 argument instead of 2 in PHP 7.2.11
  79. Allow users from my ASP.Net MVC site to access my private WordPress site
  80. Lost Password redirect to My Account
  81. Multiple pages protected by different passwords. Possible to track multiple passwords at a time?
  82. How do I display the password field on the WordPress user registration screen?
  83. WordPress Protected Page Redirects to PDF
  84. Not able to log for the first time on a salted WordPress by creating pwd on BD
  85. Bypass a WordPress Password Protected Post or Page via a URL
  86. Password Protected Logout Button Not Working
  87. Password protect wp-login.php
  88. How do I password protect a page of posts on WordPress?
  89. forgot password
  90. Revise my keyword but still cannot login
  91. WordPress not taking password and username
  92. mysql update user’s password and activation key
  93. How WordPress hashes passwords
  94. check if post is set to “password protected”
  95. Override the default password length when creating or updating a user profile
  96. Why can’t I create an Application Password?
  97. ‘random_password’ filters not taking effect
  98. FTP Password (not private key-value pair) for EC2 Instance
  99. How to Disable Pre-population of Password on Password Reset
  100. Bypass a WordPress Password Protected Page via url