WordPress at a glance
function is not described

WP_REST_Posts_Controller::can_access_password_content() public WP 4.7.0

Checks if the user can access password-protected content.

This method determines whether we need to override the regular password check in core with a filter.

{} It's a method of the class: WP_REST_Posts_Controller{}

No Hooks.


true/false. True if the user can access password-protected content, otherwise false.


$WP_REST_Posts_Controller = new WP_REST_Posts_Controller();
$WP_REST_Posts_Controller->can_access_password_content( $post, $request );
$post(WP_Post) (required)
Post to check against.
$request(WP_REST_Request) (required)
Request data to check.


Since 4.7.0 Introduced.

Code of WP_REST_Posts_Controller::can_access_password_content() WP 5.6

public function can_access_password_content( $post, $request ) {
	if ( empty( $post->post_password ) ) {
		// No filter required.
		return false;

	// Edit context always gets access to password-protected posts.
	if ( 'edit' === $request['context'] ) {
		return true;

	// No password, no auth.
	if ( empty( $request['password'] ) ) {
		return false;

	// Double-check the request password.
	return hash_equals( $post->post_password, $request['password'] );