Bug #21826
openPassword Protected page not working when posts feed to it
0%
Description
Hi All,
A user tried to password protect the posts page but I am still able to see it: https://qtheories25.commons.gc.cuny.edu/posts/
In the past, instructors have password protected the page where the posts feed to (designated in settings>reading) and this hid the blog posts from public view. This was a useful workaround for having a public site, but providing a (light) layer of privacy for students writing on the site.I test on this site and the issue appears the same - the page is pw protected, until the admin redirects the posts to the page, which then over rides the pw protection. Currently posts feed to "schedule" which is pw protected but overridden by post feed. If I change where the posts feed to, the pw protection works again on "schedule" page https://lbhtesting.commons.gc.cuny.edu/course-schedule/
Updated by Boone Gorges 18 days ago
Let me make sure I understand what you're trying to do:
1. You created a page called 'Course Schedule' https://lbhtesting.commons.gc.cuny.edu/wp-admin/post.php?action=edit&post=8 and made it password protected
2. This password protection works. If you try to visit https://lbhtesting.commons.gc.cuny.edu/course-schedule/, you will be prompted for a password
3. You then go to Dashboard > Settings > Reading and change 'Your homepage displays - A static page' and then select 'Course Schedule' in the Posts dropdown
4. Now, when you go to https://lbhtesting.commons.gc.cuny.edu/course-schedule/, you see the list of Posts (which is correct) but it's no longer password-protected
Do I have this right? Trying to piece together from your description and the user's.
Are we certain that WP ever supported this? It seems like an odd feature. Password protection level happens at the level of 'the_content', but when you use page_for_posts, you're no longer rendering the page's post_content. Ray, what do you think?
Updated by Laurie Hurson 18 days ago
Hi Boone,
Yes steps 1-4 are correct. Thanks for laying it out more clearly.
I agree and understand that it would be a weird feature but I truly believe this used to work because several instructors used it as a workaround for student posting semi-privately on a public site. Maybe I am going crazy (!) but I really don't think I am. Anyway, if ray reports this weird workaround was never expected behavior, we will have to find a new workaround for semi-private posting or move away from ti altogether (as it was never an ideal method for offering some level privacy anyway)
Updated by Raymond Hoh 18 days ago
Laurie's workflow only works if the "Course Schedule" page is set as the Homepage and not the Posts page. I've just altered Laurie's test site so you can check.
The other issue with making any "Settings > Reading" admin change is the LSCache plugin does not purge the frontpage cache after these changes are made. I had to manually purge the frontpage cache in order for the password protected page to show up for logged-out users. This is another thing we'll need to add to our LSCache to-do list.