---
title: Password protect all entries in a Statamic Collection
description: A simple Collection setup to enable password protection across your Statamic entries.
pubDate: 2024-09-13
---

import Notice from '../../components/Notice.astro'
import Figure from '../../components/Figure.astro'
import ProtectedCollection from '../../assets/protected-collection.webp'
import ProtectedPage from '../../assets/protected-page.webp'

Out-of-the-box there's a number of different ways you can [protect](https://statamic.dev/protecting-content) an entry within [Statamic](https://statamic.com/). By applying one of the following key/value pairs in your entry's YAML file you'll get a few different experiences:

1.  The user must log into the control panel: **protect: logged_in**
2.  The user must enter an accepted password: **protect: password**
3.  The entry is locked to all users: **protect: true**

We're going to focus on **#2** which is the most common request in my experience. Simply a way to keep the general public out of certain records that may hold board minutes, campaign details, and the like.

<Notice>
  This should not be used to gate sensitive content such as credit card information, personally identifiable info, etc!
</Notice>

## 1. Set up a new "Protected Pages" collection

I like to place protected content into a dedicated "Protected Pages" collection. This allows us to use a URL prefix for all of the protected entries and allows us to set some sensible defaults for records that shouldn't be publicly visible (SEO settings, etc.).

<Figure src={ProtectedCollection} alt="A collection in Statamic called 'Protected Pages'" />

Having a URL prefix for these pages ensures we can exclude these pages from Statamic's static caching policy:

```php
'exclude' => [
  'class' => null,

  'urls' => [
    '/search*',
    '/protected*', // Exclude protected pages from the static cache
  ],
],
```

## 2. Protect the entire collection via YAML

Now that we have a dedicated collection, we need a way to protect the entries without having to manually add `protect: password` to each of them. Fortunately Statamic allows us to do this at the collection-level.

Open up the `content/collections/protected_pages.yaml` file and insert the following block of YAML. This will apply a protection strategy of your choosing across all entries within our collection.

```yaml
inject:
  protect: password
```

<Notice>
  This value could also be `logged_in` if you prefer to gate the content behind a Statamic account.
</Notice>

## 3. Publish a new Protected Pages entry

Now when you publish a Protected Pages entry it will be gated behind a simple password view. Your list of acceptable passwords is configured within `config/statamic/protect.php` in the `password.allowed` array.

<Figure
  src={ProtectedPage}
  alt="The front end of a password protected page prompting the user for a password"
/>

## Final notes

Now that you have a functional Protected Pages collection its important to consider a couple things:

The list of acceptable passwords—with Statamic's default password driver—are fixed and hardcoded. You'll need to communicate to your authors what passwords will work to authenticate users.

Passwords you use will unlock _all_ gated entries. This is often beneficial for non-technical individuals so they don't have to input the same password multiple times when viewing several gated pages with similar content, but it is worth noting in case that's undesirable.

Like many Statamic and Laravel features, this is a **driver-based** system. Meaning, if you would like to [create your own protector driver](https://statamic.dev/protecting-content#custom-drivers) that behaves differently the world is your oyster!