WordPress - Add error message on password protected page

The latest entered password is stored as a secure hash in a cookie named 'wp-postpass_' . COOKIEHASH.

When the password form is called, that cookie has been validated already by WordPress. So you just have to check if that cookie exists: If it does and the password form is displayed, the password was wrong.

add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' );

/**
 * Add a message to the password form.
 *
 * @wp-hook the_password_form
 * @param   string $form
 * @return  string
 */
function wpse_71284_custom_post_password_msg( $form )
{
    // No cookie, the user has not sent anything until now.
    if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) )
        return $form;

    // Translate and escape.
    $msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' );

    // We have a cookie, but it doesn’t match the password.
    $msg = "<p class='custom-password-message'>$msg</p>";

    return $msg . $form;
}
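The cookie is set once per site rather than per post, so checking only that it exists also shows the message on a different protected post where the visitor has not tried a password yet. The following variant is an added example, not part of the original answer. It assumes the browser sends a `Referer` header equal to the post URL after the form handler redirects back, and the function name `example_post_password_error_msg` is hypothetical:

```php
<?php
add_filter( 'the_password_form', 'example_post_password_error_msg' );

/**
 * Show the error only when the visitor has just submitted the form on this post.
 *
 * @param  string $form Password form markup.
 * @return string
 */
function example_post_password_error_msg( $form ) {
    // No cookie: nothing has been submitted from this browser yet.
    if ( ! isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) {
        return $form;
    }

    // wp_get_referer() returns false when the referer is the current page,
    // which is exactly the case of interest, so read the raw value instead.
    $referer = wp_get_raw_referer();
    $current = get_permalink();

    // Header stripped (privacy settings, Referrer-Policy) or no post in
    // context: stay silent rather than guess.
    if ( ! $referer || ! $current ) {
        return $form;
    }

    // Assumption: a failed attempt comes back to the same URL the form was on.
    // A cookie left over from another post arrives with a different referer.
    if ( untrailingslashit( $referer ) !== untrailingslashit( $current ) ) {
        return $form;
    }

    // Fixed, translated and escaped text; nothing the visitor typed is echoed.
    $msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' );

    return "<p class='custom-password-message'>$msg</p>" . $form;
}
```

The referer comparison is a heuristic: a visitor whose browser omits the header never sees the message, and the password check itself is still done by WordPress before the form is rendered.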
