Password protect Jekyll posts (formerly jekyll-firewall)


Password protect Jekyll posts.


Before using, keep the following in mind:

  • This encryption type is weak against brute force attacks. Here is an example of a safe guard by mrlubos.
  • Liquid templating isn't currently supported in protected posts
  • Use only Markdown syntax supported by marked
  • The password needs to be entered for each protected post. But you can easily store a successful password in cache and bypass subsequent logins
  • I discourage storing your site in a public repository unless you are okay with gitignoring sensitive information (and have no remote backup)


To begin a new site, build on top of this repository by forking or cloning.

To integrate with an existing Jekyll site, below are the necessary files:

  • _layouts/encrypted — The layout for a locked page
  • gulpfile — The Gulp file to encrypt posts


Site Structure & Password

The encrypt gulp task (below) encrypts each file in SRC-FOLDER with PASSWORD and outputs it into DEST-FOLDER. Change these settings in gulpfile.js according to your site structure.

gulp.task('encrypt', () => {
  return gulp.src('SRC-FOLDER')

Heads up that if you write public posts to DEST-FOLDER, it may be difficult to distinguish the public and protected posts. This can be easily amended but is outside the scope of the skeleton site in this repo. However, you can adjust the gulp encrypt task to change the outputted filename of protected files in the DEST-FOLDER and set the url in the front matter.

Protect Posts

To encrypt a post, simply save it in your desinated SRC-FOLDER and run gulp.




jekyll logo

Want a Jekyll website built?

Hire a Jekyll developer