Title: Password Protect – Temporary Login Without Password & Password Protect Entire Site Author: Huzaifa Al Mesbah Published: October 16, 2024 Last modified: March 23, 2026 --- Search plugins ![](https://ps.w.org/smart-password-protect/assets/banner-772x250.jpg?rev=3413468) ![](https://ps.w.org/smart-password-protect/assets/icon-256x256.png?rev=3169953) # Password Protect – Temporary Login Without Password & Password Protect Entire Site By [Huzaifa Al Mesbah](https://profiles.wordpress.org/huzaifaalmesbah/) [Download](https://downloads.wordpress.org/plugin/smart-password-protect.1.2.5.zip) * [Details](https://zul.wordpress.org/plugins/smart-password-protect/#description) * [Reviews](https://zul.wordpress.org/plugins/smart-password-protect/#reviews) * [Installation](https://zul.wordpress.org/plugins/smart-password-protect/#installation) * [Development](https://zul.wordpress.org/plugins/smart-password-protect/#developers) [Support](https://wordpress.org/support/plugin/smart-password-protect/) ## Description [Live Demo](https://tastewp.org/plugins/smart-password-protect) | [Support](https://wordpress.org/support/plugin/smart-password-protect/) **Password Protect** is the most powerful and versatile security plugin for WordPress. It combines robust **site-wide password protection** with a modern **temporary login** system, giving you complete control over who accesses your website. Whether you are developing a site in a staging environment, putting your site in maintenance mode, or need to grant temporary admin access to a developer, Smart Password Protect has you covered. We analyzed the top security plugins in the market and built a better, all-in-one solution. Stop installing multiple plugins for “Maintenance Mode”, “Password Protection”, and “Temporary Logins”. Get it all in one lightweight, high-performance package. ### 🔥 Key Features Overview #### 1. 🔐 Password Protect Entire Site (Maintenance Mode) Lock your WordPress site instantly with a single password. This is perfect for staging sites, private portfolios, or maintenance mode. * **One-Click Protection**: Enable or disable protection instantly from the dashboard. * **Brute-Force Protection**: Prevent dictionary attacks with built-in rate limiting that temporarily locks out users after too many incorrect password guesses. * **IP Whitelisting**: Allow specific IP addresses (e.g., your office, home, or client) to bypass the password. * **User Role Bypass**: Allow Administrators or logged-in users to access the site without a password. * **SEO Friendly**: Automatically sends `noindex` headers to prevent Google from indexing your private/staging content. * **Modern Password Form**: A beautiful, responsive login page that looks great on all devices. * **Remember Me**: Users can choose to stay logged in for up to 7 days (configurable). * **Customization**: Easily customize the look and feel of the password page via CSS. #### 2. 🔗 Temporary Login Without Password (Magic Links) Create secure, self-expiring login links to grant temporary admin access without sharing your real credentials. * **Secure Developer Access**: Give developers or support agents admin access safely. * **Auto-Expiration**: Set links to expire after 1 hour, 1 day, 7 days, or a custom date. * **No Credentials Needed**: Users log in simply by clicking the link. No username or password required. * **Role Management**: Assign any role (Admin, Editor, Subscriber) to the temporary user. * **Advanced Options Toggle**: Show/hide advanced settings (Login Limits, User Role) with a simple click. * **Redirect After Login**: Automatically redirect users to a specific page (e. g., Settings, Home, or Custom URL). * **Activity Logs**: Track exactly when a temporary user logs in, their IP address, and browser. * **Login Limits**: Restrict the number of times a link can be used. * **Safe Content Reassignment**: When a temporary user is deleted, any posts, pages, WooCommerce products, or other custom post types they created or modified are automatically reassigned to the admin — never trashed or lost. * **Self-Preservation**: Temporary users cannot deactivate or delete the Smart Password Protect plugin itself. * **Profile Lockdown**: Temporary users are blocked from editing their profile or creating/deleting other users. * **Manual Status Control**: Manually change Temporary Login status (Active, Inactive, Expired) directly from the dashboard. * **Automatic Logout**: Users are immediately logged out when their token becomes inactive or expired. * **Plugin Deactivation Protection**: All temporary users are automatically logged out when the plugin is deactivated. * **Enhanced Security**: Multi-layer authentication validation prevents access with invalid tokens. * **Full Third-Party Compatibility**: Temporary users with admin role can access WooCommerce (products, orders, setup wizard), Elementor, and all other third- party plugin pages without any access issues. #### 3. 🛡️ Advanced Security & Logs Keep a close eye on who is accessing your site and ensure maximum security. * **Detailed Audit Trail**: View a history of every temporary login, including time, IP, and browser. * **Bot Protection**: Blocks search engine crawlers when protection is active. * **Capability Controls**: Restrict temporary admins from deleting plugins or themes. * **Smart Validation**: Automatically checks for token expiration and usage limits before allowing access. * **Real-Time Authentication Control**: Automatically logs out users when tokens are deactivated, expired, or deleted. * **Request-Level Validation**: Validates token status on every request to prevent unauthorized access. * **Secure Cookie-Based Authentication**: Sets secure, httponly cookies that expire automatically after 1 day. #### 4. 🌍 Multi-Language Support Use the plugin in your native language with complete translation support. * **20+ Languages**: German, French, Spanish, Italian, Portuguese, Russian, Chinese( Simplified & Traditional), Arabic, Hindi, Bengali, Dutch, Polish, Czech, Danish, Bulgarian, Catalan, Croatian, and more. * **RTL Support Ready**: Compatible with right-to-left languages. * **Contribute**: Help us translate! Submit translations via [translate.wordpress.org](https://translate.wordpress.org/projects/wp-plugins/smart-password-protect/). ### ⚡ Use Cases for Smart Password Protect **⚡ Use Case #1: Secure Staging & Development Environments** Protect your client’s site while it’s under development. Use the “Password Protection” feature to keep the site hidden from the public and search engines (noindex) while allowing you and your client to view progress. This is the professional way to handle staging sites without complex server configurations. **⚡ Use Case #2: Grant Safe Temporary Access to Developers** Need a developer to fix a bug? Don’t share your admin credentials. Instead, generate a “Temporary Login Link” with a specific role and expiration time. They get one-click access, and you get peace of mind knowing the access will auto-expire and they can’t delete your plugins. **⚡ Use Case #3: Maintenance Mode Made Simple** Updating your site or making design changes? Instantly lock the entire site with a single password. You can whitelist your own IP address to keep working while visitors see a professional password page. It’s faster and easier than installing a dedicated maintenance mode plugin. **⚡ Use Case #4: Exclusive Client Portfolios** Showcase your work privately. Password protect your portfolio site and share the password only with prospective clients. This ensures your creative work remains exclusive and confidential until you are ready to show it to the world. **⚡ Use Case #5: Internal Company Documentation** Create a private hub for your team. Restrict access to internal tools, wikis, or resources. With “User Role Bypass”, your logged-in employees can access content seamlessly without entering a password every time, while outsiders remain blocked. **⚡ Use Case #6: Private Family & Personal Blogs** Share personal stories and photos with only those you trust. Set a simple site-wide password so family and friends can view your content while keeping it safe from strangers and bots. It’s the perfect solution for keeping personal memories private. ### 🚀 Explore Smart Password Protect Features ✅ **Complete Site Protection — 100% FREE** **What it does:** Instantly locks your entire WordPress site behind a secure password screen. Only visitors with the correct password can access your content. **How to use:** 1. Navigate to **Smart Password Protect > Password Protection**. 2. Toggle“ Enable Password Protection” to **On**. 3. Enter your desired password in the “Set Password” field. 4. (Optional) Adjust “Remember Me” duration to control how long users stay logged in. ✅ **Secure Temporary Login Links — No Credentials Needed** **What it does:** Generates a unique “Magic Link” that logs a user in automatically with a specific role and expiration time. Perfect for developers or support agents. ** How to use:** 1. Go to **Smart Password Protect > Temporary Login**. 2. Select an expiration time (e.g., 7 Days). 3. (Optional) Click “+ Show Advanced Options” to set a specific User Role or Login Limit. 4. Click **Generate Link** and copy the URL. ✅ **Passwordless Admin Access** **What it does:** Allows administrators to access the site without entering the protection password, saving time and hassle. **How to use:** 1. Go to **Smart Password Protect > Password Protection > Permissions**. 2. Toggle “Allow Administrators” to **On**. 3. Now, if you are logged into WordPress as an admin, you will bypass the password screen automatically. ✅ **Allow RSS Feeds** **What it does:** Ensures your RSS feeds remain accessible even when the site is password protected. **How to use:** 1. Go to **Smart Password Protect > Password Protection > Permissions**. 2. Toggle “Allow RSS Feeds” to **On**. 3. Your RSS feeds( e.g., /feed) will now be publicly accessible without a password. ✅ **Allow REST API** **What it does:** Allows external applications and mobile apps to access your site’s data via the WordPress REST API by bypassing the protection. **How to use:** 1. Go to **Smart Password Protect > Password Protection > Permissions**. 2. Toggle “ Allow REST API” to **On**. 3. Your site’s REST API endpoints (e.g., /wp-json) will now be accessible. * **Note:** When disabled, API requests will return a `401 Unauthorized` error with the message “Password protection is enabled”. ✅ **Smart IP Whitelisting** **What it does:** Grants instant access to specific IP addresses (like your home or office) so you don’t have to enter a password. **How to use:** 1. Go to **Smart Password Protect > Password Protection > IP Settings**. 2. Click **Auto Fill Input** to detect your current IP address. 3. Click **Add IP** to whitelist it. You can add as many IPs as you need. ✅ **Temporary Login Log** **What it does:** View history of temporary login usage and user actions. **How to use:** 1. Go to **Smart Password Protect > Temporary Login**. 2. Click on the** Logs** tab. 3. View the list of all recent login attempts to ensure no unauthorized access has occurred. ✅ **Auto-Cleanup : Expired Links and Temporary Login Log** **What it does:** Automatically deletes expired temporary login links and users from your database to keep your site clean and secure. **How to use:** 1. Go to** Smart Password Protect > Temporary Login > Settings**. 2. Find the **Expired Links Auto-cleanup** setting. 3. Set the number of days (e.g., 30 days) after which expired logs and users will be permanently deleted. ### ⚡ Reasons Why You Should Opt for Smart Password Protect **⚡ Reason #1: Uncompromising Security & Control** Upgrade your site’s defense mechanisms with ease. Smart Password Protect allows you to lock your entire website instantly with a single password, while offering granular controls like IP Whitelisting and User Role Bypass. Built with advanced encryption and “Self-Preservation” logic, it ensures that temporary users cannot disable the plugin or hijack your site, giving you total peace of mind. **⚡ Reason #2: Eliminate the Risk of Sharing Credentials** Never share your admin username and password again. With our **Temporary Login (Magic Links)** feature, you can generate secure, self-expiring access links for developers or support agents. These links use cryptographically secure tokens and allow one-click access without requiring any credentials. Once the work is done, the access is automatically revoked, keeping your main admin account completely secure. **⚡ Reason #3: Automated & Hands-Free Management** Say goodbye to manual user cleanup. Set your temporary login links to expire automatically after 1 hour, 1 day, or 7 days. Our intelligent “Auto-Cleanup” system runs in the background to permanently remove expired links and temporary user accounts from your database. This “set it and forget it” approach keeps your site clean and reduces administrative overhead. **⚡ Reason #4: Gain Valuable Insights with Activity Logs** Knowledge is power. Stay informed with our detailed **Activity Logs** that tracks every single temporary login event. Monitor exactly who accessed your site, when they logged in, their IP address, and even their browser information. This audit trail is essential for security monitoring and ensures you always have oversight of external access. **⚡ Reason #5: Optimized for Speed & SEO** Don’t let security slow you down. Smart Password Protect is engineered to be lightweight and bloat-free, ensuring zero impact on your site’s loading speed. It also automatically handles SEO best practices by sending `noindex` headers for protected content, preventing Google from indexing staging sites or private pages. Plus, it works seamlessly with major caching plugins like WP Rocket and W3 Total Cache. **⚡ Reason #6: The Ultimate All-in-One Toolkit** Stop cluttering your site with multiple plugins. Smart Password Protect combines robust **Maintenance Mode**, ** Site-Wide Password Protection**, and **Temporary Login** functionality into a single, cohesive package. By consolidating these features, you reduce plugin conflicts, save server resources, and simplify your workflow. **⚡ Reason #7: Intuitive & Modern User Experience** We believe security shouldn’t be complicated. Our plugin features a modern, React-powered dashboard that is intuitive and easy to navigate. From generating links to toggling protection, every action is just a click away. The frontend password form is also fully responsive and customizable, ensuring a professional experience for your visitors on any device. **⚡ Reason #8: Built for Developers** Need more control? We’ve got you covered. Smart Password Protect is packed with hooks and filters, allowing developers to customize functionality to fit specific needs. Whether you need to modify bypass rules, control REST API access, or integrate with other tools, our codebase is clean, documented, and developer-friendly. ### Check out our other Plugins Enhance your WordPress site with our other powerful plugins: * **[Access Defender](https://wordpress.org/plugins/access-defender/)** – Advanced security plugin to protect your WordPress site from unauthorized access and malicious attacks. * **[Contributors Gallery](https://wordpress.org/plugins/contributors-gallery/)**– Showcase your WordPress contributors in a beautiful and customizable gallery layout. * **[Product Spotlight Badge](https://wordpress.org/plugins/product-spotlight-badge/)**– Highlight your WooCommerce products with eye-catching badges to boost sales. * **[Redirect After Logout](https://wordpress.org/plugins/redirect-after-logout/)**– Redirect users to a custom page after logging out for enhanced user experience. * **[Smart Optimizer](https://wordpress.org/plugins/smart-optimizer/)** – Instantly Boost Page Speed with One-Click Optimization * **[Random Quote](https://wordpress.org/plugins/random-quote/)** – Daily Inspirational Quotes for WordPress ## Screenshots * [[ * **Dashboard**: The central hub to view protection status, enable/disable features, and access settings for Password Protection and Temporary Login. * [[ * **General Settings (Password Protection)**: Configure site-wide password and “ Remember Me” duration. * [[ * **IP Settings (Allowed IPs)**: Whitelist IP addresses to bypass password protection automatically. * [[ * **Protection Permissions**: Control bypass rules for Administrators, logged-in users, RSS, and REST API. * [[ * **Frontend Password Screen**: The secure login screen visitors see when the site is protected. * [[ * **Generate Temporary Link**: Create magic links with custom expiration, login limits, and role assignment. * [[ * **Manage Links**: View and manage all active and expired temporary login links. * [[ * **Temporary Login Settings**: Configure global settings, default roles, auto- cleanup intervals, and capability controls (plugins/themes) for temporary users. * [[ * **Activity Logs**: Detailed tracking of temporary login usage and user activity. * [[ * **Temporary Access View**: The frontend experience when accessing via a temporary login link. ## Installation #### Quick Start (Recommended) 1. **Install from WordPress Dashboard:** 2. * Go to **Plugins > Add New**. * Search for “**Smart Password Protect**“. * Click **Install Now** **Activate**. 3. **Configure in 2 Minutes:** 4. * Navigate to **Smart Password Protect**. * You will see the main **Dashboard** with “Manage Features”. * **Password Protection** is enabled by default. Click **Settings** to configure your password or disable the feature if not needed. * **Temporary Login** is enabled by default. Click **Settings** to generate magic links or disable the feature if not needed. #### Manual Installation 1. Download the plugin zip file. 2. Go to **Plugins > Add New > Upload Plugin**. 3. Upload and activate the plugin. 4. Follow the configuration steps above. #### Configuration Guide #### For Site Protection (Maintenance Mode): 1. Go to the **Password Protection** tab. 2. Toggle “Enable Password Protection”. 3. Enter your desired password. 4. (Optional) Click “Auto Fill Input” and then click “Add IP” in **Allow IP Addresses** to whitelist yourself. #### For Temporary Access (Magic Links): 1. Go to the **Temporary Login** tab. 2. Choose an expiration (e.g., 7 Days). 3. * If you need advanced features, click on “+ Show Advanced Options”. * **Max Login Limit:** Optional. Limit the number of times this link can be used. Leave empty or 0 for unlimited. * **Role:** Select the role for the temporary user (e.g., Administrator). 4. Click **Generate Link**. 5. Copy the link and share it with your developer or support agent. #### Customization Options: * **Bypass Rules** – Allow REST API, or logged-in users to bypass protection. * **Auto-Cleanup** – Automatically delete expired temporary links. * **Capability Controls** – Restrict temporary users from deleting, installing, activating, or deactivating plugins and themes. ## FAQ ### Do I need to create a user account for the temporary login? No! The plugin automatically creates a temporary user when the link is generated and deletes/disables it when it expires. ### Can I limit what the temporary user can do? Yes. You can assign a specific role (e.g., Editor) and even restrict capabilities like plugin deletion in the settings. ### Will search engines index my password-protected site? No. When password protection is active, we send a “noindex” signal to search engines to keep your content private. ### Can I whitelist my own IP address? Yes. The plugin detects your current IP, allowing you to whitelist it with one click. ### Is this plugin compatible with page builders like Elementor or Divi? Yes, it works perfectly with all major page builders and themes. Temporary users with the appropriate role (e.g., Administrator) will have full access to Elementor, Divi, and other page builders — just like a regular WordPress user with the same role. ### Can temporary users access WooCommerce pages (products, orders, setup wizard)? Yes! Temporary users with the Administrator or Shop Manager role can access all WooCommerce pages, including Products, Orders, Coupons, Settings, Analytics, and the Setup Wizard. The plugin respects the full capabilities of the assigned WordPress role, so any plugin that adds capabilities to that role (like WooCommerce) will work seamlessly. ### What happens if I deactivate the plugin? If you deactivate the plugin, your site will become accessible to everyone again, and the password protection will be removed. Your settings are saved in the database, so if you reactivate it later, your configuration will be restored. ### Does this plugin work with caching plugins? Yes! Smart Password Protect is designed to work with major caching plugins like WP Rocket, W3 Total Cache, and Autoptimize. It automatically handles caching rules to ensure the password protection works correctly. ### Can I set multiple passwords? Currently, the plugin supports a single site-wide password. We are working on adding support for multiple passwords in a future update. ### How do I reset the password if I forget it? As an administrator, you can simply log in to your WordPress dashboard (your-site. com/wp-admin), go to Settings > Smart Password Protect, and enter a new password. ### Can I protect specific pages or posts? Not yet, but this is our #1 requested feature! We are actively working on “Granular Protection” to allow you to lock individual pages, posts, and categories. Stay tuned for the next update. ### What if I get locked out of my own site? If you accidentally lock yourself out and can’t access the admin area, you can manually disable the plugin by renaming the `smart-password-protect` folder in `wp-content/ plugins/` via FTP or your hosting file manager. This will automatically deactivate the plugin. ### Does this block the WordPress REST API? By default, yes. When blocked, any request to the REST API will return a `401 Unauthorized` error with the code `rest_forbidden`. You can enable “Allow REST API” in the Permissions settings if you need to allow access for mobile apps or third-party integrations. ### Can I still access the normal wp-login.php page? Yes. We have a specific setting “Allow Login Page” which ensures that your standard WordPress login page remains accessible, so you and your team can log in normally. ### What happens to RSS feeds when password protection is enabled? By default, RSS feeds are also password protected. If a user tries to access a protected feed, they will see the password form (served as HTML) instead of the feed content. ### Can I allow RSS feeds while keeping the site protected? Yes. You can enable “Allow RSS Feeds” in the Permissions settings. This allows RSS readers and users to access your site’s feeds without entering a password, while the rest of the site remains locked. ### My RSS reader shows a password form. How can I fix this? This happens because the feed is password protected. To fix this, go to **Smart Password Protect > Password Protection > Permissions** and enable “Allow RSS Feeds”. ### I’m getting a ‘rest_forbidden’ error. How do I resolve this? This error occurs because the REST API is blocked by default. If you need to allow access (e.g., for a mobile app), go to **Smart Password Protect > Password Protection > Permissions** and enable “Allow REST API”. ### What happens to content created by a temporary user when I delete them? All content (posts, pages, WooCommerce products, and other custom post types) created or modified by the temporary user is automatically **reassigned to the admin** who created the temporary login link. Nothing is lost or trashed. This works exactly like WordPress’s built-in “Attribute all content to” option when deleting a user from Users > All Users. ### Is it safe to delete a temporary user who has made changes to my site? Yes, it is completely safe. When you delete a temporary login token (or when auto- cleanup removes an expired token), the plugin ensures all content is transferred to the admin account before deleting the temporary user. This includes: * **New posts/pages** the temporary user created * **Existing content** they edited or modified * **WooCommerce products** (including variations, pricing, and inventory changes) * **Other custom post types** (portfolio items, testimonials, events, etc.) The content will appear under the admin’s name in the Posts/Pages/Products list, and all published content remains live on the frontend with no downtime or broken product links. ### What actions by temporary users are tracked in the Activity Logs? The Activity Logs track all significant actions performed by temporary users, including: * **Login events**: When a temporary user logs in, including IP address and timestamp. * **Post actions**: Creating, editing, publishing, trashing, or deleting posts, pages, and custom post types. * **Plugin actions**: Activating, deactivating, uploading, or deleting plugins ( if allowed in settings). * **Theme actions**: Switching or deleting themes (if allowed in settings). You can review the full activity history in **Smart Password Protect > Temporary Login > Logs tab** before deciding to delete a temporary user. ### Do I need to manually delete expired temporary links? No. You can configure “Expired Links Auto-cleanup” in the Temporary Login settings to automatically remove old links and users after a set number of days (e.g., 30 days). When auto-cleanup removes expired tokens, content is automatically reassigned to the admin — the same safe behavior as manual deletion. ### Can temporary admins delete other users? No. Our security module specifically blocks temporary users from creating, deleting, or editing other user accounts, ensuring they cannot hijack your site. ### Can a temporary user deactivate this plugin? No. We have built-in “Self-Preservation” logic that prevents temporary users from deactivating the Smart Password Protect plugin, ensuring your site remains secure. ### Can temporary users edit their profile (change email/password)? No. Access to the profile editing screen is blocked for temporary users to prevent them from changing account credentials or settings. ### What happens if a link is used more than the allowed limit? The plugin will immediately block the login attempt and show an error message stating that the link has reached its usage limit. ### How long does the temporary login last? Once logged in, the authentication is valid for 24 hours (standard WordPress login duration). The user must use the link again (if it hasn’t expired) to log back in after this period. ### Is the login link secure? Yes. We use a unique, randomized token for each link. Additionally, we validate the token against expiration time and usage limits on every single access attempt. ### Is the password protection page mobile friendly? Yes! The password form is fully responsive and optimized for all devices, ensuring your visitors have a smooth experience on phones, tablets, and desktops. ### How long do visitors stay logged in after entering the password? By default, the “Remember Me” option keeps them logged in for 7 days. You can adjust this duration in the General Settings. ### Can I customize the password page design? The plugin comes with a clean, modern design out of the box. You can further customize it using custom CSS in your theme or by overriding the plugin styles. ### What happens if someone tries to guess my password too many times? Smart Password Protect includes built-in brute-force protection. After 5 incorrect password attempts, the IP address is temporarily locked out from the password form for 15 minutes to prevent automated dictionary attacks. ### How are my passwords stored? Passwords are not stored in plain text. They are securely encrypted in your WordPress database using the core `wp_hash_password()` function and authenticated using high- security HMAC-SHA256 cookies. ### How does the plugin handle IP address detection? Smart Password Protect uses a hardened IP detection algorithm. Unlike many plugins that blindly trust `X-Forwarded-For` HTTP headers (which can be easily spoofed by attackers to bypass protection), our plugin securely validates the remote header chain against the actual remote address to prevent IP spoofing attacks. ### Can temporary login links be leaked in browser history or referer headers? No. Our magical link generation system uses specialized redirection techniques to ensure the sensitive login token is immediately consumed and scrubbed. It will never be exposed in browser history, server logs, or third-party `Referer` headers. ## Reviews ![](https://secure.gravatar.com/avatar/e098937f66ffe806198d58d88318b323cc5fcba04e974c1fc591e83aabb38458? s=60&d=retro&r=g) ### 󠀁[Amazing Features](https://wordpress.org/support/topic/amazing-features-27/)󠁿 [Md Abul Bashar](https://profiles.wordpress.org/hmbashar/) December 18, 2025 1 reply Fantastic plugin! It really helps me find what I need. Thank you to the developer for creating this time-saving tool. ![](https://secure.gravatar.com/avatar/39750dae97d0eeff74ca4245da3153be963006bf673be3dccdc8610b5a3f7d85? s=60&d=retro&r=g) ### 󠀁[Warning! Affects other plugins in the WordPress interface](https://wordpress.org/support/topic/warning-affects-other-plugins-in-the-wordpress-interface/)󠁿 [thommueller](https://profiles.wordpress.org/thommueller/) December 18, 2024 3 replies Unfortunately destroys the tab navigation of other plugins in the WP-Interface!For me it is Relevanssi and Statify. After disabling Smart Password Protect, everything works normally again.I have tested it several times. It is due to this plugin. ![](https://secure.gravatar.com/avatar/b23a512f8acc8f14813ab489c8b9e0c5cbb49a0a181192c18d73238502fd4291? s=60&d=retro&r=g) ### 󠀁[Effortless Security with Smart Password Protect Plugin](https://wordpress.org/support/topic/effortless-security-with-smart-password-protect-plugin/)󠁿 [Sobuj Mahamud](https://profiles.wordpress.org/sobujmahamud786/) October 20, 2024 If you’re working on a WordPress site in a staging or development environment, Smart Password Protect is the perfect tool. It allows you to keep your project secure with both password protection and IP whitelisting, ensuring only authorized users can view your content. The bot detection and anti-indexing features are a huge plus for keeping your site hidden from the public eye. This plugin is lightweight, easy to configure, and a fantastic addition to any WordPress developer’s toolkit! [ Read all 3 reviews ](https://wordpress.org/support/plugin/smart-password-protect/reviews/) ## Contributors & Developers “Password Protect – Temporary Login Without Password & Password Protect Entire Site” is open source software. The following people have contributed to this plugin. Contributors * [ Huzaifa Al Mesbah ](https://profiles.wordpress.org/huzaifaalmesbah/) “Password Protect – Temporary Login Without Password & Password Protect Entire Site” has been translated into 9 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/smart-password-protect/contributors) for their contributions. [Translate “Password Protect – Temporary Login Without Password & Password Protect Entire Site” into your language.](https://translate.wordpress.org/projects/wp-plugins/smart-password-protect) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/smart-password-protect/), check out the [SVN repository](https://plugins.svn.wordpress.org/smart-password-protect/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/smart-password-protect/) by [RSS](https://plugins.trac.wordpress.org/log/smart-password-protect/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.2.5 * Fix: Removed deprecated `load_plugin_textdomain()` call to align with modern WordPress translation standards. * Improvement: Resolved false-positive WP Plugin Check warnings regarding direct database queries. * Improvement: Excluded developmental configuration files from the final production plugin payload. * Improvement: Unified global variable naming conventions in frontend template files. #### 1.2.4 * Fix: Content created or modified by temporary users is now reassigned to the admin instead of being trashed when the temp user is deleted * Security: Passwords are now hashed using wp_hash_password() instead of stored in plaintext * Security: Prevent IP spoofing bypasses by securing IP address detection * Security: Temp user detection now relies solely on database user_meta instead of client-side cookies * Security: Added sanitize and validate callbacks to all REST API routes * Security: Added brute-force rate-limiting protection to the password form * Security: Temporary login tokens are no longer exposed in browser history or referer headers * Security: Temporary users are now created with a site-specific email domain instead of example.com * Security: Temporary user roles are now properly validated against registered WordPress roles before creation * Improvement: Replaced soft-deprecated `current_time('timestamp')` with standard` time()` across the codebase * Security: Auth cookie now uses HMAC-SHA256 signature instead of storing password hash * Security: Password hash is no longer exposed via the REST API * Improvement: Cookie verification is ~5000× faster (HMAC vs bcrypt on every page load) * Improvement: Migration system with version-gated upgrades (Migrator class) * Improvement: Password field shows actual character count with dot indicators * Improvement: Admin can clear password to disable protection * Fix: Auth cookie no longer stores the password hash directly * Fix: Dashboard CSS version now follows plugin version to prevent stale cache after updates * Fix: Fallback for falsy boolean values in API endpoints * Fix: Removed duplicate docblocks in AdminBar class * Security: Used `$wpdb->prepare` for table identifiers in all direct SQL queries * Fix: Temporary users with admin role can now access WooCommerce, Elementor, and other third-party plugin pages * Improvement: Temporary user role is synced from token data on login, ensuring consistent permissions * Improvement: Temporary user role is now immediately updated when changed from the dashboard * Improvement: Temporary usernames now use the `sppwp-temp-` prefix for better identification * **Props**: Thanks to [Kamrul Hasan (bosskhj)](https://profiles.wordpress.org/bosskhj/) for suggesting the temporary user content reassignment fix. #### 1.2.3 * **Fix**: Fixed Protected Permissions settings not saving when toggling options. * **Improvement**: Merged community translations from translate.wordpress.org for Arabic, Croatian, Dutch (Belgium), and Spanish. * **Props**: Thanks to [Jurica Zuanovic (yuraz)](https://profiles.wordpress.org/yuraz/), [Pieterjan Deneys (NekoJonez)](https://profiles.wordpress.org/nekojonez/), [Fernando Tellado (fernandot)](https://profiles.wordpress.org/fernandot/), and [Morten Ellegaard Larsen (ellegaarddk)](https://profiles.wordpress.org/ellegaarddk/) for translation contributions and reviews. #### 1.2.2 * **Improvement**: Improved translation accuracy and workflow. * **Improvement**: Merged community translations from translate.wordpress.org for Bengali, Hindi, Dutch, and Russian. * **Props**: Thanks to [Noruzzaman](https://profiles.wordpress.org/noruzzaman/), [Ghazi Asif Salahuddin (Lenin)](https://profiles.wordpress.org/leninzce/), [Sumit Singh](https://profiles.wordpress.org/sumitsingh/), [Peter Smits](https://profiles.wordpress.org/psmits1567/), and [Irina](https://profiles.wordpress.org/irinashl/) for translation contributions and reviews. #### 1.2.1 * **Fix**: Fixed temporary users being blocked from accessing options.php (now allowed for settings access). * **Improvement**: Added responsive mobile design with card-based table layout. * **Improvement**: Improved Dashboard and settings page styling with CSS classes instead of inline styles. * **New**: Added 17 new language translations – Bulgarian, Catalan, Czech, German, English (Australia), French, Croatian, Italian, Dutch (Belgium), Polish, Portuguese( Brazil), Russian, and Chinese (Taiwan). * **Props**: Thanks to [Kamrul Hasan](https://profiles.wordpress.org/bosskhj/) for suggesting the mobile and tablet responsive support. #### 1.2.0 * **New Feature**: Manually change Temporary Login status (Active, Inactive, Expired) directly from the dashboard. * **New Feature**: Added Bengali (বাংলা) language support – Full translation for all plugin interfaces. * **Security**: Temporary users are now immediately logged out when their token status changes to inactive or expired. * **Security**: Temporary users are automatically logged out when their tokens are deleted. * **Security**: All temporary users are automatically logged out when the plugin is deactivated. * **Security**: Enhanced authentication validation to prevent access with inactive or expired tokens. * **Improvement**: Comprehensive code refactoring for better maintainability and DRY principles (~1,300+ lines of duplicate code eliminated). * **Improvement**: Improved feedback messages when updating token status (includes“ feature” keyword for clarity). * **Improvement**: Enhanced REST API parameter handling with helper methods. * **Fix**: Fixed authentication persistence issue where inactive/expired tokens maintained active logged-in state. * **Performance**: Improved plugin performance and reduced memory usage through code optimization. #### 1.1.1 * **New Feature**: Added “Request Feature” link to admin bar and header navigation for easier feedback. * **New Feature**: Added “Helpful Links” sidebar widget in the Dashboard for quick access to support and reviews. * **Improvement**: Updated UI with modern accent colors and improved styling. * **Fix**: Corrected feature toggle option handling to ensure reliability. * **Fix**: Improved translation support for modal dialogs. #### 1.1.0 * **New Feature**: Temporary Login Links – Create magic links with expiration, login limits, and role assignment. * **New Feature**: Activity Logs – Track detailed usage history of temporary login links. * **New Feature**: Dashboard – Centralized hub for managing plugin features and status. * **New Feature**: Advanced Permissions – Granular control over who can bypass protection (RSS, REST API, etc.). * **New Feature**: Capability Controls – Restrict temporary users from performing plugin/theme actions. * **Improvement**: Refactored codebase for better performance and maintainability. * **Improvement**: Real-time settings updates for a smoother user experience. #### 1.0.1 * Fixed conflicts with other plugins. * Fixed navigation tab conflicts. * Improved CSS and JS performance. #### 1.0.0 * Initial release. ## Meta * Version **1.2.5** * Last updated **4 weeks ago** * Active installations **80+** * WordPress version ** 5.6 or higher ** * Tested up to **7.0** * PHP version ** 7.4 or higher ** * Languages * [Arabic](https://ar.wordpress.org/plugins/smart-password-protect/), [Bengali (Bangladesh)](https://bn.wordpress.org/plugins/smart-password-protect/), [Croatian](https://hr.wordpress.org/plugins/smart-password-protect/), [Czech](https://cs.wordpress.org/plugins/smart-password-protect/), [Danish](https://da.wordpress.org/plugins/smart-password-protect/), [Dutch](https://nl.wordpress.org/plugins/smart-password-protect/), [Dutch (Belgium)](https://nl-be.wordpress.org/plugins/smart-password-protect/), [English (US)](https://wordpress.org/plugins/smart-password-protect/), [Hindi](https://hi.wordpress.org/plugins/smart-password-protect/), and [Russian](https://ru.wordpress.org/plugins/smart-password-protect/). * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/smart-password-protect) * Tags * [maintenance mode](https://zul.wordpress.org/plugins/tags/maintenance-mode/)[Password Protect](https://zul.wordpress.org/plugins/tags/password-protect/) [passwordless login](https://zul.wordpress.org/plugins/tags/passwordless-login/) [restrict content](https://zul.wordpress.org/plugins/tags/restrict-content/)[temporary login](https://zul.wordpress.org/plugins/tags/temporary-login/) * [Advanced View](https://zul.wordpress.org/plugins/smart-password-protect/advanced/) ## Ratings 3.7 out of 5 stars. * [ 2 5-star reviews ](https://wordpress.org/support/plugin/smart-password-protect/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/smart-password-protect/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/smart-password-protect/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/smart-password-protect/reviews/?filter=2) * [ 1 1-star review ](https://wordpress.org/support/plugin/smart-password-protect/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/smart-password-protect/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/smart-password-protect/reviews/) ## Contributors * [ Huzaifa Al Mesbah ](https://profiles.wordpress.org/huzaifaalmesbah/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/smart-password-protect/)