WiscWeb - Options for protecting pages

This document will explain the different options available for locking down pages and what they may mean for your site and its contents.

Offering comparison

The following chart breaks down the various options available to you and the situations to which they are best suited.

Comparison of different protection options that are available for WiscWeb users.
Offers Protection at the Root Offers Individual Page Protection Offers Protection for Media Offers Protection for Select List of NetIDs Offers Protection for Entire UW-Madison Network
Native WordPress Password Protection x
NetID Page Protection x x
Publishing to Private x x
Non-Indexed Site x
KnowledgeBase Pages x x x x x
UW Box x x x
SharePoint x x x x x

Native WordPress password protection

See Important considerations before proceeding.

WordPress natively offers an option to password protect an individual page of a website. 

To set your own password for a page, follow the steps outlined in the WordPress.org documentation for page status. The instructions show how to open the settings controls for a page or post and then adjust the status to "Password Protected." This is a checkbox option within the "Status & visibility" settings.

Important considerations

  • Do not use your NetID password for your protected page. 

  • This option will not protect media files that are added to the page. If you upload a file to this page, the URL of the file is still publicly accessible if shared directly. If you require protection for media, we suggest uploading to UW Box

  • Protected pages should still not be used for sharing sensitive/restricted data. WiscWeb is not secured to host any sensitive/restricted data. See WiscWeb - Sensitive, restricted, and internal data policy.

  • Health Care Component (HCC) sites may not be able to use this option. Please contact the Office of Compliance if your site is considered an HCC and you wish to use native WordPress page protection while also capturing site metrics through Google Analytics. This may be a privacy risk and the Office of Compliance can make this determination for you. 

  • Protected pages may not appear in Google Analytics by default.

  • Anyone with the password - even those outside of the organization - will be able to get to content protected in this manner.

NetID page protection

This option will allow you to lock a page down to NetIDs. This does not integrate with Manifest Groups and should not be used to lock down all pages of a site. 

Please make sure to review considerations and limitations before proceeding.

WiscWeb - NetID Page Protection

Publishing to private

WordPress offers the option to publish pages as "Private" rather than public. When a page or post is published to Private, it can only be viewed by Admins and Editors of the project. They will be prompted with the standard NetID login screen if not already logged in to Shibboleth. After logging in with NetID credentials, they will be brought to the page content. If a user who is not an Admin or Editor on your site attempts to access the page, they will be brought to WiscWeb's standard 403 error page. 

Note: This option is only recommended for standard Pages and Posts - not plugin post types like UW Events, UW People, etc.

To set a page as private, follow the steps outlined in the WordPress.org documentation for page status. The instructions show how to open the settings controls for a page or post and then adjust the status to "Private." This is a radio box selection within the "Status & visibility" settings.

Non-indexed site

In WordPress, you have the option to turn off the ability for search engines to index your site. This setting is located in your site's Reading settings (Settings > Reading). The option is unchecked by default, but can be activated if your preference is for your site to not appear in search results. This will mean that users who have the exact URL of the site can still get to it, but the likelihood of someone stumbling across it is decreased. Also, the site should not appear in campus or Google searches.

Please note that it is up to the individual search engine to honor this request.

WordPress offers the option to not index a site. This is listed under the Search Engine Visibility setting and must be toggled on.

KnowledgeBase pages

The UW KnowledgeBase (KB) is an ideal location for secure content as it allows for several options for protection. These various options are detailed in their own documentation. In general, though, you can use the KnowledgeBase to lock down web content to all NetIDs or a select list of users.

For questions about the KnowledgeBase, please contact the KB team: kb-team@lists.wisc.edu

UW Box for media

If the content that you need protected is just media (JPG, PNG, PDF, and other files), we strongly recommend moving these over to UW Box, where you can more easily maintain access to these docs.UW Boxallows for robust permission and archival settings. Additionally, files loaded here can easily be shared with users located both on and off campus. To utilize this option, simply upload the files to Box, set the permissions, and then link to the documents and images from the webpage.

SharePoint for intranets

If you're looking to lock down an entire website at the root, a nice option might be to use SharePoint. More information can be found in Microsoft 365 - Getting Started with SharePoint Online.

Troubleshooting/tips

  • Protected sites or pages may not export data to Google Analytics. The tracking cookie will not be able to capture user interaction with your site if the site or page is not public.

See Also


Keywords:
protection, password, lock, protect, access, Manifest Group, NetID, login, permissions 
Doc ID:
94638
Owned by:
Jenna K. in WiscWeb
Created:
2019-09-24
Updated:
2026-06-08
Sites:
DoIT Help Desk, WiscWeb