Password Protect. Disable browser "save password" functionality.

Is there any way to disable browser "save password" functionality using the password protect plugin or any other plugin. My research tells me that one method would be to reset the autocomplete function from true to false. But I don't see any reference to autocomplete in the edit script for the password protect plugin.

Thanks for your help.
Bob

  • Vinod Dalvi

    Hi Bob,

    Welcome to the WPMU Dev community and thank you for your question.

    You can try using solution posted in the following reply to disable it.

    http://stackoverflow.com/a/32386/1287548

    Do you want to disable the browser "save password" functionality specifically of our following Password Protect plugin?

    https://premium.wpmudev.org/project/password-protect-selected-content/

    Kind Regards,
    Vinod Dalvi

  • Bob

    Thanks Vinod

    The stackhouse article best describes the situation I would like to remedy. He asked the question..... "Is there a way for a site to tell the browser not to offer to remember passwords? I've been around web development a long time but don't know that I have come across that before." I don't have any interest in making changes in anyone's browser.

    It seems that the simplist answer is to make the change in the "form" from autocomplete="on" to autocomplete="off". The problem I have is that I don't know what form they are speaking of or where to find it so I can make this change.

    Can anyone explain that to me? I am using Wordpress 3.9.2 with the Twenty Fourteen theme.

    Thanks in advance - Bob

  • Bob

    Thanks again Vinod

    I can see the form but there is no autocomplete function included here. This is what it looks like to me. Should I be adding something in here?

    '<form action="' . admin_url('admin-ajax.php') . '" method="post"><input type="hidden" name="action" value="psc-set" />
    <p>' . __("Please enter your password below:", 'psc') . '</p>
    <p><label for="' . $label . '">' . __("Password:", 'psc') . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit", 'psc') . '" /></p>
    </form>

  • Vinod Dalvi

    Don't add anything there as changes made in the plugin file will be overwritten and lost when you update the plugin and you will have to make these again after plugin updation.

    Instead try adding the following code in the functions.php file of your child theme

    remove_shortcode('protect');
    add_shortcode( 'protect', 'custom_shortcode' );
    
      function custom_shortcode( $atts, $content = null ) {
        extract( shortcode_atts( array(
          'password' => false
      	), $atts ) );
    
    		//skip check for no content
        if ( is_null( $content ) )
          return;
    
    		//if no pass set don't protect
    		if ( !$password )
        	return do_shortcode( $content );
    
    		//check cookie for password
    		if ( isset( $_COOKIE['psc-postpass_' . COOKIEHASH] ) && $_COOKIE['psc-postpass_' . COOKIEHASH] == sha1( $password ) ) {
       		return do_shortcode( $content );
    		} else {
    		  $label = 'pwbox-' . rand();
    			return '<form action="' . admin_url('admin-ajax.php') . '" method="post" autocomplete="off"><input type="hidden" name="action" value="psc-set" />
    			<p>' . __("This content is password protected. To view it please enter your password below:", 'psc') . '</p>
    			<p><label for="' . $label . '">' . __("Password:", 'psc') . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit", 'psc') . '" /></p>
    			</form>
    			';
    		}
      }
  • Bob

    That worked great. I tried it in all three browsers and it seems to be working fine.

    Your comment about making changes in the functions file using a child theme makes sense and that it is what I did. But I also added a little more code to what you sent to me so I would be able to change the amount of time before the cookie expires. That does not seem to work. Would you mind helping me with that. Here is what I added to the code you sent to me. I wanted the cookie to expire after one hour.

    function set_password() {
    
    	  if ( get_magic_quotes_gpc() )
    			$_POST['post_password'] = stripslashes( $_POST['post_password'] );
    
    	  //set cookie for 10 days
        setcookie( 'psc-postpass_' . COOKIEHASH, sha1( $_POST['post_password'] ), time() + 3600, COOKIEPATH );
    
    		//jump back to post
    		wp_safe_redirect( wp_get_referer() );
    		exit;
    	}
  • Jack Kitterhing

    Hi there @Bob,

    Hope you're well today! :slight_smile:

    That code won't work I'm afraid, as the set_password function isn't hookable, reference here http://code.tutsplus.com/articles/the-beginners-guide-to-wordpress-actions-and-filters--wp-27373

    There's no way we can filter or change that, you'd need to make your changes in the core of the plugin, which would be a lost on a plugin update.

    If we can assist at all, please don't hesitate to ask.

    Thanks!

    Kind Regards
    Jack.

  • Bob

    That's too bad. I thought this was going to be the perfect plugin. It won't be to big a deal to change but it is another one of those many little things that have to be dealt with.

    Recently I read a help article on the password protect feature that comes with the standard wordpress installation. In there they offered a solution to this problem. But I think that is different because this is a plugin and that was part of the regular script offered by wordpress.

    Maybe there will be a day when one of your clever developers will figure it out.

    Thanks anyway.

    Bob

    Bob

  • Vinod Dalvi

    Hi Bob,

    You can change the cookie expiration timing of Password Protect plugin without changing plugin code by adding the following code in the functions.php file of your child theme.

    remove_all_actions( 'wp_ajax_nopriv_psc-set' );
    remove_all_actions( 'wp_ajax_psc-set' );
    //handle cookie
    add_action( 'wp_ajax_nopriv_psc-set', 'custom_set_password' );
    add_action( 'wp_ajax_psc-set', 'custom_set_password' );
    function custom_set_password() {
    
      if ( get_magic_quotes_gpc() )
    		$_POST['post_password'] = stripslashes( $_POST['post_password'] );
    
    	//set cookie for one hour
    	setcookie( 'psc-postpass_' . COOKIEHASH, sha1( $_POST['post_password'] ), time() + 3600, COOKIEPATH );	    	     		 	 	  
    
    	//jump back to post
    	wp_safe_redirect( wp_get_referer() );
    	exit;
    }

    Best Regards,
    Vinod Dalvi

  • Vinod Dalvi

    Hi Max,

    Next, I will will be looking for the addition of an error message if the user puts in a wrong password. I think I should start a new topic for this. I want to look through some of the existing posts first.

    Currently the plugin doesn't display any error message on entering wrong password.

    There is already a feature request created for this feature on the following thread and this feature may be added in future version of plugin but We don't publish ETAs to prevent disappointment if a deadline is missed(which in plugin development quite a frequent occurrence!).

    https://premium.wpmudev.org/forums/topic/adding-an-error-message-to-password-protect-invalid-password-etc

    Cheers,
    Vinod Dalvi

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.