Summery Summery

Checks if the user can access password-protected content.

Syntax Syntax

WP_REST_Posts_Controller::can_access_password_content( WP_Post $post, WP_REST_Request $request )

Description Description

This method determines whether we need to override the regular password check in core with a filter.

Parameters Parameters


(Required) Post to check against.


(Required) Request data to check.

Return Return

(bool) True if the user can access password-protected content, otherwise false.

Source Source

File: wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

	public function can_access_password_content( $post, $request ) {
		if ( empty( $post->post_password ) ) {
			// No filter required.
			return false;

		// Edit context always gets access to password-protected posts.
		if ( 'edit' === $request['context'] ) {
			return true;

		// No password, no auth.
		if ( empty( $request['password'] ) ) {
			return false;

		// Double-check the request password.
		return hash_equals( $post->post_password, $request['password'] );


Changelog Changelog

Version Description
4.7.0 Introduced.


Leave a Reply