How to Create a Private Page in WordPress: Complete Guide

Knowing how to create a private page in WordPress is an essential skill for anyone who wants to restrict access to sensitive content, share drafts with clients, or build members-only sections without a full membership plugin. WordPress gives you several ways to accomplish this — from a simple built-in visibility toggle to advanced PHP-based access control — and this guide walks you through every method in plain, actionable steps.

Understanding WordPress Page Visibility Options

Before diving into the steps, it helps to understand what "private" actually means in WordPress. The platform offers three core visibility settings for pages and posts:

• Public — Visible to anyone who visits your site.
• Private — Visible only to logged-in users who have the read_private_pages capability (editors and administrators by default).
• Password Protected — Visible to anyone who knows the password, logged in or not.

Choosing the right option depends on your audience. If you need to share a page with a specific client or team member who already has a WordPress account, the native Private setting is the fastest route. If your audience does not have WordPress logins, password protection or a plugin-based approach is more practical.

Method 1: Using the Built-In WordPress Privacy Setting

The simplest way to create a private page in WordPress is through the Block Editor (Gutenberg). This method requires no plugins and takes about thirty seconds.

Step-by-Step Instructions

1. Log in to your WordPress dashboard and navigate to Pages > Add New (or open an existing page you want to make private).
2. Add your page title and content as normal.
3. In the right-hand Page panel, locate the Summary section and click the word Public next to the "Visibility" label.
4. A small popover will appear with three options. Select Private.
5. WordPress will display a confirmation prompt: "Would you like to privately publish this page?" Click OK.
6. Click Publish (or Update if the page already exists).

Once published, the page will appear in your Pages list with a — Private label appended to its title. Only users logged in as Administrator or Editor will be able to view it on the front end. All other visitors — including subscribers and non-logged-in users — will receive a 404 error or be redirected, depending on your theme.

Using the Classic Editor

1. Open the page in the Classic Editor.
2. Find the Publish meta box in the top-right corner.
3. Click Edit next to "Visibility: Public".
4. Select Private and click OK.
5. Click Publish or Update.

Method 2: Password-Protecting a Page

Password protection is ideal when you want to share a page with people who do not have WordPress user accounts — for example, a client reviewing a proposal or a student accessing course material.

Step-by-Step Instructions

1. Open the page in the Block Editor.
2. In the Summary panel, click Public next to Visibility.
3. Select Password Protected.
4. Type a strong, unique password in the field provided.
5. Click outside the popover to close it, then click Publish or Update.

Visitors who navigate to the page will see a password prompt. They enter the password once, and a cookie remembers their access for the duration of their browser session. The page title is still visible in search results and archives, so avoid putting sensitive information in the title itself.

Method 3: Creating a Private Page with WP-CLI

If you manage multiple WordPress sites or prefer the command line, WP-CLI lets you create or update pages with a single command. This is particularly useful in staging, automation scripts, or CI/CD pipelines.

Creating a New Private Page

Run the following command in your terminal from the WordPress root directory:

# Create a new private page via WP-CLI
wp post create \
  --post_type=page \
  --post_title="Client Proposal Q3" \
  --post_status=private \
  --post_content="Page content goes here." \
  --porcelain

The --post_status=private flag sets the visibility to Private, exactly as if you had toggled it in the editor. The --porcelain flag returns only the new post ID, which is useful when chaining commands in a script.

Updating an Existing Page to Private

# Update page with ID 42 to private status
wp post update 42 --post_status=private

You can confirm the change by running wp post get 42 --field=post_status, which should return private.

Method 4: Restricting Page Access with PHP and Custom Roles

WordPress's native Private setting only grants access to administrators and editors. If you need finer-grained control — for example, letting subscribers or a custom "client" role view specific private pages — you will need a small PHP snippet added to your theme's functions.php file or a site-specific plugin.

Granting a Custom Role Access to Private Pages

The capability that controls who can read private pages is read_private_pages. The snippet below adds this capability to the built-in Subscriber role:

/**
 * Allow subscribers to read private pages.
 * Add this to functions.php or a custom plugin.
 */
function wpguide_subscriber_read_private_pages() {
    $role = get_role( 'subscriber' );
    if ( $role ) {
        $role->add_cap( 'read_private_pages' );
    }
}
add_action( 'init', 'wpguide_subscriber_read_private_pages' );

Important: Capabilities added via add_cap() are stored in the database, so this function only needs to run once. You can wrap it in a plugin activation hook or simply remove the add_action line after the first page load to avoid redundant database writes on every request.

Redirecting Unauthorised Users Programmatically

If a visitor without the required capability tries to access a private page directly, WordPress returns a 404 by default. You can instead redirect them to a login page with this snippet:

/**
 * Redirect non-authorised visitors away from private pages.
 */
function wpguide_redirect_private_pages() {
    if ( is_page() && 'private' === get_post_status() && ! current_user_can( 'read_private_pages' ) ) {
        wp_redirect( wp_login_url( get_permalink() ) );
        exit;
    }
}
add_action( 'template_redirect', 'wpguide_redirect_private_pages' );

This hook fires on every front-end request. It checks whether the current page has a private status and whether the current user lacks the necessary capability, then redirects them to the WordPress login page with a redirect-back parameter.

Method 5: Using a Plugin for Advanced Private Page Control

For more complex scenarios — such as content restricted by user role, membership level, or individual user ID — a dedicated plugin is the most maintainable solution.

Recommended Plugins

• Members by MemberPress — A comprehensive role and capability editor with per-page content restrictions. Free tier available.
• Password Protected Pages — Lightweight plugin that extends WordPress's built-in password protection with per-role bypass options.
• Restrict Content Pro — Full membership solution with granular content restriction by subscription level.
• User Role Editor — Lets you assign capabilities like read_private_pages to any role through a GUI, without writing code.

General Plugin Setup Steps

1. Navigate to Plugins > Add New in your dashboard.
2. Search for your chosen plugin and click Install Now, then Activate.
3. Follow the plugin's onboarding wizard or settings page to configure access rules.
4. Open the target page in the editor; most restriction plugins add a meta box or panel where you assign who can view the page.
5. Save or update the page. Test access by logging out or using a browser in private/incognito mode.

Best Practices for Private Pages in WordPress

Whichever method you choose, keep the following best practices in mind to maintain security and a good user experience:

• Test with a non-admin account. Log in as a subscriber or log out entirely and visit the page URL directly to confirm the restriction works as expected.
• Avoid sensitive data in page titles. Even private pages can sometimes appear in admin-side search results or browser history. Keep titles generic when the content is confidential.
• Use HTTPS. Password-protected pages transmit the password in a form POST. Ensure your site uses an SSL certificate so the password is encrypted in transit.
• Audit user roles regularly. If you have granted roles like Subscriber the ability to read private pages, periodically review who holds that role to prevent data leaks from old or unused accounts.
• Combine methods when necessary. For highly sensitive content, you can set a page to Private (restricting it to logged-in editors) and add password protection as a second layer.
• Keep plugins updated. Access-control plugins that contain vulnerabilities can expose restricted content. Run updates promptly and monitor your plugin vendor's security advisories.

Creating private pages in WordPress is straightforward once you understand the available tools. The built-in visibility toggle handles the majority of everyday use cases in seconds, WP-CLI scales the task to bulk or automated workflows, and PHP snippets or plugins cover the edge cases where default roles are not granular enough. Start with the simplest method that meets your requirements and layer in complexity only when you genuinely need it.

Frequently Asked Questions

Can visitors without a WordPress account see a private page?

No. WordPress's native Private visibility requires the viewer to be logged in with an account that has the read_private_pages capability, which by default means Administrator or Editor roles only. Non-logged-in visitors receive a 404 error. If you need to share content with people who do not have accounts, use Password Protection instead.

Does a private page appear in Google search results?

Private pages are not accessible to search engine crawlers because they require authentication to view. As a result, they will not be indexed by Google or any other search engine, and they will not appear in public sitemaps generated by SEO plugins like Yoast or Rank Math.

How do I make multiple pages private at once in WordPress?

Go to Pages > All Pages, select the checkboxes next to the pages you want to restrict, choose Edit from the "Bulk Actions" dropdown, and click Apply. In the bulk-edit panel that appears, set the Status field to Private and click Update. Alternatively, use the WP-CLI command wp post update $(wp post list --post_type=page --format=ids) --post_status=private to update all pages at once from the command line.

Why is my private page still visible to some logged-in users?

If a logged-in user can see a private page, they likely hold the Administrator or Editor role, or their role has been granted the read_private_pages capability — either manually via code or through a plugin like User Role Editor. Review the user's profile to check their role, and audit your functions.php or active plugins for any capability assignments you may have added previously.

Managing page visibility is just one of dozens of routine WordPress tasks that can consume your time. If you would rather describe what you need in plain English instead of navigating dashboards or writing code snippets, WP AI Agent is a natural-language AI chat tool built specifically for WordPress that can handle tasks like creating private pages, updating visibility settings, and configuring user roles — all through a simple conversation, no technical knowledge required.