WordPress makes it easy to create password-protected posts, but by default, it only hides the content while displaying the post title with a "Protected:" prefix. A reader recently asked us if there's a way to hide these posts entirely from the site. In this guide, we'll show you how to completely remove password-protected posts from the WordPress loop using a simple, reliable code snippet.
Out of the box, WordPress shows the title of password-protected posts—prefixed with "Protected:"—on your homepage, archives, recent posts widgets, and more. Visitors without the password can still see the title and even attempt to guess it.
This isn't ideal for keeping content fully private, especially since weak passwords can be brute-forced. The solution? Filter them out of public views entirely.
Add the following code to your theme's functions.php file or, better yet, a site-specific plugin to avoid losing it during theme updates.
function wpb_password_post_filter( $where ) {
if ( ! is_single() && ! is_admin() ) {
$where .= " AND post_password = ''";
}
return $where;
}
add_filter( 'posts_where', 'wpb_password_post_filter' );This snippet hooks into the posts_where filter to modify the database query, excluding any posts with a password from non-single post pages and the front end.
Refresh your site, and password-protected posts will vanish from the homepage, archives, and widgets like recent posts.
You can still access them directly via their URL if you know the password.
On a multi-author site, you might want authors, editors, and admins to see protected posts. Use this enhanced version:
function wpb_password_post_filter( $where ) {
if ( ! is_single() && ! current_user_can( 'edit_private_posts' ) && ! is_admin() ) {
$where .= " AND post_password = ''";
}
return $where;
}
add_filter( 'posts_where', 'wpb_password_post_filter' );This checks user capabilities: only those without permission to edit private posts will see the filtered results. Admins and editors view everything normally on the front end.
We hope this helps you secure your password-protected content. For more control, check our tutorial on changing the prefix for private and protected posts in WordPress.
If you found this useful, subscribe to our WordPress YouTube Channel for video tutorials. Follow us on Twitter and Google+ too.