I am currently working with a client that has photo and video galleries which are password protected. The company throws monthly parties and at the parties they hand a card to everyone coming in the door which contains the gallery password. I have password protected their new site which is built using wordpress. The video galleries are protected by vimeo's password protection feature. so when you land on the videos page, you're putting a password into vimeo's embeded video pw textbox, for the photo galleries, it's using wordpress pw protection for pages.

the issue starts here: their old website was custom built and had a feature where users must sign up with an account in order to be able to see the gallery pages. This means that even if you had the password, you must create an account on the site in order to see the galleries. This usually avoids people from being able to post the password on an external website or social network and giving access for the world to see the galleries.

My solution for now was to create custom alerts in analytics so that I can see any spike in traffic for those pages which may be abnormal, then i can check the referring traffic to make sure whether or not it was a pw which was posted to the public or not.

I would assume there are better solutions to avoid this on wordpress. Any suggestions or ideas are welcomed.

Thanks in advance!