How Password Protection Works on Squarespace
Site-Wide Password Protection
Go to Settings > Site Visibility. The "Password Protected" option requires visitors to enter a password before accessing any page on your site. This is a single password that applies to the entire site - every page, blog post, and product page is locked behind the same password. This is typically used during site development to prevent public access while you build.
Page-Level Password Protection
Individual pages can be password-protected through their page settings. Click the gear icon next to any page in the Pages panel, and enable the password option. Set a unique password for that specific page. Only that page requires the password - the rest of your site remains publicly accessible. Each page can have a different password.
The Two Systems Are Independent
Site-wide and page-level passwords do not interact. If you set a site-wide password and also set a page-level password on one page, visitors must enter the site-wide password first and then the page-level password to access that specific page. This double-password situation is the most common source of confusion.
Common Password Protection Issues and Fixes
Password Prompt Not Appearing
If visitors can access the page without seeing a password prompt: verify the password is enabled in the correct location (page settings for page-level, Site Visibility for site-wide). Check that you saved the settings after enabling. Test in an incognito window - if you are logged into your Squarespace account, password-protected pages display without the prompt for site administrators.
Correct Password Being Rejected
Passwords are case-sensitive on Squarespace. Verify the exact capitalization. Check for leading or trailing spaces in the password you set - extra whitespace characters count as part of the password. Re-enter the password in the page settings to ensure it is exactly what you intend.
Password Works for Some Visitors but Not Others
Browser caching can cause inconsistent behavior. Some visitors may see the cached unlocked version while others see the password prompt. The password also uses a session cookie - visitors who clear cookies or use a different browser will need to re-enter the password. This is expected behavior, not a bug.
Password Protection Removed but Page Still Locked
If you disabled password protection but visitors still see the prompt, browser caching is serving the old password page. Ask affected visitors to clear their browser cache or try in incognito. The change takes effect immediately on Squarespace's servers - it is only cached browser versions that show the old behavior.
Blog Posts Not Protected
Page-level password protection applies to pages, not individual blog posts within a blog collection. To protect blog content, set the password on the blog collection page (the parent blog page), which locks all posts within it. You cannot password-protect a single blog post independently without protecting the entire blog.
Password Protection for Specific Use Cases
Client Portal Pages
For client-specific pages, use page-level passwords with unique passwords for each client. Place client pages in the Not Linked section so they do not appear in navigation. Share the direct URL and password with each client. For a more robust client portal, consider Squarespace Member Areas which provide individual login accounts. For client portal setup, our guide to creating a client portal on Squarespace covers every approach.
Development/Staging
Use site-wide password protection (Settings > Site Visibility > Password Protected) while building your site. This keeps the entire site hidden from public access. Remove the site-wide password and switch to Public when you are ready to launch.
Exclusive Content
For content available only to specific groups (members, subscribers, VIP customers), page-level passwords work for simple setups. For more sophisticated access control with individual user accounts, Squarespace Member Areas provides proper membership management. For design strategies for gated content, our Squarespace design tips guide covers content hierarchy.
Password Protection and SEO
Password-protected pages are not indexed by search engines - Google cannot enter a password, so the content behind it is invisible to search. This is desirable for private content but means password-protected pages will not appear in search results. If you want the page to rank, do not password-protect it.
The password page itself (the prompt visitors see) may be indexed. You can control what this page says in some template configurations but not all. For SEO considerations, our Squarespace SEO guide covers content visibility and indexing.
Password Protection Limitations
No individual user accounts. Page-level passwords are shared - everyone uses the same password. You cannot track who accessed the page or revoke access for specific people. For individual accounts, use Member Areas.
No password expiration. Passwords remain active until you change or remove them manually. There is no automatic expiration feature.
Session-based access. Once a visitor enters the correct password, they can access the page for the duration of their browser session. Closing the browser or clearing cookies requires re-entry.
No protection for individual blog posts. Only the entire blog collection can be password-protected, not individual posts. For broader customization, our guide to customizing your Squarespace website covers page organization and access control options. For mobile considerations, our guide to Squarespace mobile optimization covers form and prompt usability on small screens.
Troubleshooting Process
1. Verify the password is set. Check the correct settings location - page settings for page-level, Site Visibility for site-wide.
2. Test in incognito. Log out of Squarespace and test in an incognito window. Admin users bypass password protection.
3. Check the exact password. Re-enter it in settings to ensure no extra spaces or capitalization issues.
4. Clear browser cache. Ask affected visitors to clear cache if they see inconsistent behavior.
5. Check for dual protection. Verify you do not have both site-wide and page-level passwords creating a double-prompt situation.
Frequently Asked Questions
Why is my Squarespace password-protected page not working?
Why can I access my password-protected page without entering a password?
Can I password-protect a single blog post on Squarespace?
What is the difference between site-wide and page-level password protection?
Are password-protected Squarespace pages indexed by Google?
Can I set different passwords for different Squarespace pages?
Why does the Squarespace password prompt keep appearing after I enter the correct password?
Get Password Protection Working Correctly
Password protection on Squarespace is straightforward once you understand the two-level system - site-wide and page-level. Most issues come from testing while logged in (which bypasses protection), browser caching, or confusion about which level is configured.
Always test in incognito while logged out. Verify the exact password including capitalization. Check that the password is set at the correct level. These three checks resolve virtually every password protection issue in minutes.
* Read the rest of the post and open up an offer