WordPress add error message on password protected page

WordPress stored the latest entered password  as a secure hash in a cookie named 'wp-postpass_' . COOKIEHASH.

When the password form is called, that cookie has been validated already by WordPress. So you just have to check if that cookie exists: If it does and the password form is displayed, the password was wrong.

add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' );

 * Add a message to the password form.
 * @wp-hook the_password_form
 * @param string $form
 * @return string
function wpse_71284_custom_post_password_msg( $form )
 // No cookie, the user has not sent anything until now.
 if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) )
 return $form;

 // Translate and escape.
 $msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' );

 // We have a cookie, but it doesn’t match the password.
 $msg = "<p class='custom-password-message'>$msg</p>";

 return $msg . $form;

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s