Title: Password protected posts – behavour changed Last modified: January 3, 2019 --- # Password protected posts – behavour changed * Resolved [Shane](https://wordpress.org/support/users/shanemarsh28/) * (@shanemarsh28) * [7 years, 5 months ago](https://wordpress.org/support/topic/password-protected-posts-behavour-changed/) * Hi, * Currently we were on version I think 1.5 (possibly 1.3.4.2 not 100% sure) . Attempted upgrade to version 1.5.2.1 and the behaviour of WordPress password protected pages has changed. Prior to upgrade, it seemed the password was accepted via some sort of Ajax or post request to the page you are on – like submitting a form. When I updated to 1.5.2.1 that changed to a redirect to: /wp-login.php? action=postpass * For security, we have wp-login.php blocked in our Nginx configuration so this update produced a series of 500 errors when users attempted enter their password to a protected page. * Is this now new expected behaviour? Please advise. I have rolled back the plugin to our previous version which is working as expected. * Shane. Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Author [NicolasKulka](https://wordpress.org/support/users/nicolaskulka/) * (@nicolaskulka) * [7 years, 5 months ago](https://wordpress.org/support/topic/password-protected-posts-behavour-changed/#post-11059089) * Hello, * Yes it’s now working, because I was noticed that the hidden URL for the admin was displayed in the source code, or the plugin can hide this new URL to access the back office. * So there was a fix to display the classic WordPress URL for hiding the URL you chose. * Thread Starter [Shane](https://wordpress.org/support/users/shanemarsh28/) * (@shanemarsh28) * [7 years, 5 months ago](https://wordpress.org/support/topic/password-protected-posts-behavour-changed/#post-11059569) * Hi Nicolas, * Thanks for your reply! I’m sorry but I don’t fully understand what you mean. When submitting a form, is the new redirect to: /wp-login.php?action=postpass now expected behaviour or not? * Shane 🙂 * Plugin Author [NicolasKulka](https://wordpress.org/support/users/nicolaskulka/) * (@nicolaskulka) * [7 years, 5 months ago](https://wordpress.org/support/topic/password-protected-posts-behavour-changed/#post-11060110) * Yes exactly and not the hidden url given by wps hide login. * Thread Starter [Shane](https://wordpress.org/support/users/shanemarsh28/) * (@shanemarsh28) * [7 years, 5 months ago](https://wordpress.org/support/topic/password-protected-posts-behavour-changed/#post-11060127) * Ahh OK. Is there a way of continuing to use the hidden login? * This will cause problems for us because we have wp-login.php blocked at server level for security reasons. Our servers get a lot of brute force attempts on that file which was one of the reasons for wanting to hide it in the first place. * Plugin Author [NicolasKulka](https://wordpress.org/support/users/nicolaskulka/) * (@nicolaskulka) * [7 years, 5 months ago](https://wordpress.org/support/topic/password-protected-posts-behavour-changed/#post-11060171) * Not possible to use the hidden login. * You have to disable it on the server side, so that you do not have any more worries and disable XMLRPC that’s where you have the brute force attempts normally * Thread Starter [Shane](https://wordpress.org/support/users/shanemarsh28/) * (@shanemarsh28) * [7 years, 5 months ago](https://wordpress.org/support/topic/password-protected-posts-behavour-changed/#post-11060506) * OK we will have to consider an alternative plugin in this case then because allowing/ wp-login.php to accept requests for us is a no go option – it partially defeats the whole point of hiding wp-login.php and /wp-admin if your just going to use it anyways. I would suggest that others will have issues with this update too. * Don’t worry, we have XMLRPC entirely disabled too 🙂 Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Password protected posts – behavour changed’ is closed to new replies. * ![](https://ps.w.org/wps-hide-login/assets/icon-256x256.png?rev=1820667) * [WPS Hide Login](https://wordpress.org/plugins/wps-hide-login/) * [Frequently Asked Questions](https://wordpress.org/plugins/wps-hide-login/#faq) * [Support Threads](https://wordpress.org/support/plugin/wps-hide-login/) * [Active Topics](https://wordpress.org/support/plugin/wps-hide-login/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wps-hide-login/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wps-hide-login/reviews/) * 6 replies * 2 participants * Last reply from: [Shane](https://wordpress.org/support/users/shanemarsh28/) * Last activity: [7 years, 5 months ago](https://wordpress.org/support/topic/password-protected-posts-behavour-changed/#post-11060506) * Status: resolved