Master Post Password
Define a master post password that works for all passworded posts, while permitting the original post passwords to also work.
Plugin info
Maintenance & Compatibility
Maintenance score
Stale • Last updated 250 days ago • Support resolved 0% • 4 reviews
Is Master Post Password abandoned?
Likely maintained (last update 250 days ago).
Compatibility
Developers
Languages
Similar & Alternatives
Explore plugins with similar tags, and compare key metrics like downloads, ratings, updates, support, and WP/PHP compatibility.
Description
Define a master post password that works for all passworded posts, while permitting the original post passwords to also work.
Once the master post password has been provided by a visitor for any passworded post on the site, it applies to unlock all other passworded posts (without needing to provide the master post password again for each such post) until the site’s cookies expire in the browser.
There are two means by which the master post password can be defined:
a.) As a constant, C2C_MASTER_POST_PASSWORD. This is typically done in wp-config.php like so:
define( 'C2C_MASTER_POST_PASSWORD', 'your_master_post_password' );
b.) Via the settings field labeled “Master Post Password” found on the Settings -> Reading admin page.
If the constant is defined, it takes precedence and the settings field is NOT displayed.
Links: Plugin Homepage | Plugin Directory Page | GitHub | Author Homepage
Installation
- Install via the built-in WordPress plugin installer. Or install the plugin code inside the plugins directory for your site (typically
/wp-content/plugins/). - Activate the plugin through the ‘Plugins’ admin menu in WordPress
- Set a master post password
a. via the ‘Settings’ -> ‘Reading’ admin menu
b. (optional; advanced) Set the master post password viaC2C_MASTER_POST_PASSWORDconstant. This also serves to prevent the admin option from being displayed.
Frequently Asked Questions
Yes.
Yes. A visitor can supply either the post’s password or the master post password to access the content.
No. It only affects posts that already have a post password.
No. Any explicitly set post password remains unchanged and functional. The master post password is saved separately from posts.
No, if you provide the master post password for one post, it’ll automatically be applied to all passworded posts until the site’s browser cookies expire.
Other than the obvious (the master post password has a new value), all existing users of the old master post password will expire when a browser attempts to view a passworded post. The visitor will have to provide the original post password(s) or the new master post password. If a visitor accessed a passworded post using the post’s explicitly set post password, then they will not be affected by a master post password change.
No. As is the case for post passwords in WordPress, the master post password is stored in the database as plaintext. That is unless the master post password is set by a constant, in which case it is never stored in the database and only in the given .php file (typically wp-config.php, where other site passwords are defined).
The master post password is shown using a password input field, so it is not visibly exposed to those who may be looking over your should or if you’re doing a screenshare while navigating the admin. But you are encouraged to use the constant if you wish to keep the password as private and secure as possible.
Are you logged in as an administrative user who can access the “Settings” -> “Reading” admin page? Is the plugin installed and activated?
Assuming those are true, have you set a master post password via the C2C_MASTER_POST_PASSWORD constant? If so, the admin setting will not be displayed.
Yes. The tests are not packaged in the release .zip file or included in plugins.svn.wordpress.org, but can be found in the plugin’s GitHub repository.
Yes.
Yes. This plugin does not collect, store, or disseminate any information from any users or site visitors.
Review feed
Screenshots
A screenshot of the
Settings->Readingadmin page showing the "Master Post Password" input field.
Changelog
1.4 (2025-04-23)
- New: Hide password via password input field, but allow its display to be toggled
- Change: Add translation context for label of setting field
- Change: Discontinue unnecessary explicit loading of textdomain
- Change: Specify sanitization callback for registered setting
- Change: Ignore unnecessary PHPCS complaint
- Change: Note compatibility through WP 6.8+
- Change: Note compatibility through PHP 8.3+
- Unit tests:
- Change: Explicitly define return type for overridden methods
- Change: Explicitly define class variable to prevent PHP deprecation notice
- New: Add some potential TODO items
1.3.8 (2025-01-12)
- Change: Prevent translations from containing unintended markup
- Change: Note compatibility through WP 6.7+
- Change: Update copyright date (2025)
- New: Add
.gitignorefile - Change: Remove development and testing-related files from release packaging
- Change: Tweak formatting in
README.md - Unit tests:
- Hardening: Prevent direct web access to
bootstrap.php - Allow tests to run against current versions of WordPress
- New: Add
composer.jsonfor PHPUnit Polyfill dependency - Change: In bootstrap, store path to plugin directory in a constant
- Change: Prevent PHP warnings due to missing core-related generated files
- Hardening: Prevent direct web access to
- Change: Add more potential TODO items and reformat some existing entries
1.3.7 (2023-08-05)
- Change: Note compatibility through WP 6.3+
- Change: Update copyright date (2023)
Full changelog is available in CHANGELOG.md.