You could try hooking into template_include and showing the user a completely different page containing the login form (without changing the URL) if the post is password protected. Combine that WordPress’ built in post password functionality and you have something really close to what you want (blocking an entire page). You could also use {{insert … Read more
Here ya go: function dopasswordstuff(){ if(isset($_POST[‘homepagepassword’])) { global $wpdb; $post_password = trim($_POST[‘passwordfield’]); $post_id = $wpdb->get_var( $wpdb->prepare(“SELECT ID FROM $wpdb->posts WHERE post_password = %s”, $post_password) ); if (!empty($post_id)) { if ( empty( $wp_hasher ) ) { require_once( ABSPATH . ‘wp-includes/class-phpass.php’ ); // By default, use the portable hash from phpass $wp_hasher = new PasswordHash(8, true); } … Read more
This is really more of a server configuration question. By necessity, wp-config.php must be readable by WordPress itself, but file access/security beyond that is really a matter of how your server is configured. Refer to the Codex for recommended file permissions for WordPress. Refer to the Codex for recommended ways to secure wp-config.php Refer to … Read more
I would do it the other way around: Put the always visible text into a custom field per metabox, and protect the post content with a password. In your theme, always show the custom field, and let WordPress handle the password protection. Sample code for the theme: while ( have_posts() ) { the_post(); if ( … Read more
For starters, you can hook into the password form. Then you can customize it. Something like: add_filter( ‘the_password_form’, ‘custom_password_form’ ); function custom_password_form() { global $post; $o = ‘<form action=”‘ . esc_url( site_url( ‘wp-login.php?action=postpass’, ‘login_post’ ) ) . ‘” method=”post”> ‘ . __( “This post is password protected. To view it please enter your password below: … Read more
If you have database access,of course you have because it is localhost. You can update password(MD5) in database. Or if you have not access.You can try code in function.php only one time. <?php $user_id = 1; $password = ‘HelloWorld’; wp_set_password( $password, $user_id ); ?>
Password hashing/checking system in WP is pluggable, which essentially means that it is designed to be replaceable with custom implementation. This isn’t commonly done due to relying on defaults and compatibility. WP tries hard for backwards compat (such as with earliest single MD5 implementation) and portability (hashes from one WP install would work on another). … Read more
Try this (don’t forget to replace icon URL): add_filter( ‘display_post_states’, ‘password_protected_icon’ ); function password_protected_icon( $post_states ) { $text = __(‘Password protected’); $pos = array_search( $text, $post_states); if( false !== $pos ) $post_states[$pos] = ‘<img src=”http://i.stack.imgur.com/aIDa6.png” title=”‘.htmlspecialchars($text).'”/>’; return $post_states; }
It is possible to write code to grab the user’s password on login and write it out in a different format to a different location. Over time, you would thus accumulate the passwords in a different format than WordPress itself uses (it makes use of the excellent PHPass library for password storage). To do this, … Read more
You can use retrieve_password_message hook for that. That filter is applied as this: apply_filters( ‘retrieve_password_message’, string $message, string $key, string $user_login, WP_User $user_data ) So you’ll have access to $user_login of the user. It means, that you can write a filter function that will create random password for that user and then send it. function … Read more