Description
As a WordPress owner who values both security and a seamless user experience, you often face the challenge of protecting sensitive information. Most password solutions force your visitors to register for an account, granting them potential access to your WordPress environment.
This is where “OTP Content Protect” comes in, offering an innovative way to protect your content with a One-Time Password (OTP).
Our plugin was designed to give you full control over your content without opening the doors to your WordPress backend for strangers. Easily and effectively protect individual posts, pages, or even downloads. Your visitors don’t need an account and don’t have to register—they simply enter the one-time password you provide and get instant access.
By not granting unnecessary backend access, you actively minimize the risk of hacker or spam activities. “OTP Content Protect” is the perfect blend of simplicity, security, and innovation, making it the ideal password protection for your WordPress site when you need to lock specific content without burdening users with registration.
Support & Feature Requests
We are constantly developing the plugin and welcome your feedback!
- For questions or issues, please use the official Support Forum on WordPress.org or report a bug directly via our Submit a Bug form.
- Have an idea for a new feature? Submit your feature request easily through our website: Submit a Feature Request.
Features
- Protection Without Registration: The key advantage—visitors don’t need a WordPress account.
- Flexible Content Protection: Secure posts, pages, or any custom post type.
- Simple Password Generation: Creates secure, alphanumeric OTPs (8–10 characters).
- Full Control: Stores creation date, optional expiration date, and a timestamp of when it was used.
- Reusable Passwords: A used OTP can easily be reset for reuse.
- Modern Admin Interface: AJAX-powered content list with search and convenient post-type tabs.
- Clean Uninstall: An uninstall script completely removes all plugin data from the database upon deletion if desired.
- Built for the World: Fully internationalized (i18n) and ready for translation.
Usage
- Go to the OTP Protect settings page.
- Select the content to protect and generate or enter an OTP.
- (Optional) Set an expiration date.
- Save the OTP and share it with the intended users.
- When a visitor accesses the protected content, they will see a simple input form for the password.
- Upon valid entry, the original content is displayed instantly.
- In the admin overview, you can easily reset or delete used OTPs.
Screenshots
The settings page—a clear overview of all generated one-time passwords with key actions like edit, delete, and reset. 
The simple password input form a visitor sees on a protected page. 
Installation
- Unzip and upload the
otp-content-protectfolder to your/wp-content/plugins/directory. Alternatively, find and install it directly via the “Add New” plugin screen. - Activate the plugin through the ‘Plugins’ menu in WordPress.
- Navigate to Settings OTP Protect to configure and generate OTPs.
FAQ
-
Do users need to register to view the content?
-
No, and that is the plugin’s main advantage. A user only needs to enter the one-time password you provide. No WordPress user account is required.
-
How can I allow an OTP to be used more than once?
-
In the admin overview, you can edit any used OTP and reset it with a single click. This clears the usage timestamp and makes the password immediately valid again.
-
Is plugin data removed on uninstall?
-
Yes. When you delete the plugin from the WordPress admin area, the included
uninstall.phpfile ensures the associated database table (<prefix>_otpcp_protect) is cleanly removed. -
Can multiple passwords be active for the same post?
-
Yes. You can create multiple different and simultaneously active OTPs for the same piece of content. Each one will be validated correctly upon entry.
Reviews
Contributors & Developers
“OTP Content Protect” is open source software. The following people have contributed to this plugin.
Contributors
Translate “OTP Content Protect” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.3.5
- Enhancement: Implemented a new protection method using the
template_redirecthook to provide proper compatibility for WooCommerce Products. - Enhancement: Added a “View” link to the row actions in the admin list to quickly open the protected content.
1.3.4
- Enhancement: Replaced the password list with a professional, sortable, and searchable table (WP_List_Table).
- Enhancement: Restructured the admin page to match WordPress standards (separate Add/Edit view), which also fixes the placement of admin notices.
- Tweak: Updated the styling of filter buttons to match the modern WordPress UI.
1.3.3
- Fix: Corrected a bug where only the first created OTP for a page was accepted. Now, multiple different OTPs can be active for the same content simultaneously, and each will be validated correctly.
1.3.2
- Fix: Addressed final
WordPress.DB.PreparedSQL.NotPreparedfalse-positive errors by adding specificphpcs:ignorecomments to pass the “Plugin Check” tool cleanly.
1.3.1
- Fix: Resolved several warnings from the “Plugin Check” tool related to direct database queries and input validation.
1.3.0
- Security: Major refactoring to meet official WordPress.org requirements. All functions, classes, hooks, and the database table now use a unique
otpcp_prefix to prevent conflicts. - Security: Standardized and improved all nonce checks for better security.
- Fix: Corrected various bugs in the admin area, including broken edit links and script loading issues that arose during the refactoring.