Is there any way to password protect a page?

Our wiki is already broken down so that different user accounts have different roles and access, but in the interest of provide redundent protection for especially sensitive data, is there any way you can password protect a specific page? We're getting by by using password protected excel documents and attaching them, but that's hardly ideal.



7 answers

its possible if you code directly on the page(s) you want to protect. if the pages are scripts e.g. index.php, index.asp etc you can hardcode the password, so here we go in php )....Indentify the page u want to protect ususlly index.php (but if its not explicity shown e.g. http://index.php/products this means "products" is a folder that contains another index.php Modify the index.php by a few line of code using a good editor,, Dreamweaver is my favourite,, but a plain text editor can do.

Put the javascript code above the <head> tag

function validatex(pwd){
var password=prompt("Enter a password please","password");
if (password!=null && password!="")
{ //check password
if (password==pwd){
alert ("correct password was entered!");
alert("Wrong password entered!");
} //else password is invalid
alert("Invalid pasword entered, please try again!");

Then add PHP code immediately below <body> tag as follows

echo "<script> validatex('abcd')</script>";//PREFERRED PASSWORD IS 'abcd'

That won't work for Confluence, it's not php.

Also, you should never do security with javascript, as the user can simply bypass it.

i dont kno about Confluence

heres another way i did it

i put the javascript where it belongs,,withinm the <script> tags


function hideObject(idx){
document.getElementById(idx).style.display = "none";
//document.getElementById(idx).style.visibility = 'hidden';


Then the form for password objects below the <body> tag

<form action="" method="post">
<label id="passwordlabel">Password</label>
<input type="text" name="password" id="password" />
<br />
<input type="submit" name="submitpassword" id="submitpassword" value="Submit" />

and follow with PHP code below the form,, anything below PHP code will not load if the password is incorrect

if (isset($_POST['submitpassword'])){
if ($_POST['password']== "abcd"){//PREFEREED PASSOWRD IS 'abcd'
//PROOCEED WITH PAGE DISPLAY and hide password objects
echo "<script> hideObject('passwordlabel');</script>";
echo "<script> hideObject('password');</script>";
echo "<script> hideObject('submitpassword');</script>";
//terminate page
//terminate page

What's with the PHP again? Do you use Confluence? If you don't know about Atlassian tools, why are you answering questions about something you know nothing about?

Oh, common Matt. PHP IS THE ANSWER TO EVERYTHING, not that old fashioned 42.

Yes the issue of security is important,,

by sniffing binary data coming in during load he can hack the password i think

for an enclosed intranet its secure enough i think. but your point is taken

i think its better to use a database stored password and do the checking within PHP code


Javascript is utterly insecure. It's run by the *browser*, the user can simply press ctrl-u to expose it and even the most simple debugger can bypass it.

There's no need to sniff at all, you can simply walk straight around it.

And, again, your answer misses one major point - Confluence is NOT php.

The original question didnt mention Confluence and so i guess i can answer in the way I know best. Kind regards;

Er, this is an Atlassian forum, so it implies the use of at least one of the Atlassian suite. It also says "confluence" in the tags.

There's lots of clues here that it's not php based (and javascript still won't work)

Hi Kyle,

I'm afraid this is not possible, but that's an interesting idea. You can consider raising a feature request at href=""> regarding this matter.

For now, you can work with Page restrictions in order to allow only certain users/groups to view an specific page.



Take a look at Customware's Security and Encryption Plugin. It uses PGP to encrypt some content and adds an additional level of page protection.

It is not very userfriendly (eg. no autocomplete) and not well integrated (encrypted content is stored separately and not with the page). But if you really need this level of protection you probably can live with it.

Be sure to use the latest version if your confluence is running on Java 7!

- Steffen

I'm guessing from yoru question that a lot of users have admin access that shouldn't? Even if you could easily password protect a page, you'd only be putting a band-aid on the problem. Anyone who has access to the server of the database can bypass the page level security provided by Confluence. It's a problem we've had with Confluence in that you can't use it to securely store passwords (haven't tried Customware/Service Rocket's plugin).

I'd tackle the problem of your user access levels as it will only come back again & again.

One solution we use is to store password files on restricted network shares and link to them from the confluence page.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 12, 2019 in Confluence

Confluence Admin Certification now $150 for Community Members

More and more people are building their careers with Atlassian, and we want you to be at the front of this wave! Important Dates Start the Certification Prep Course by 2 April 2019 Take your e...

272 views 2 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you