1. Overview
  2. Bio Pages
  3. Password-protecting your bio page

Password-protecting your bio page

Password protection lets you restrict access to a bio page so that only visitors who know the password can view your content. This is useful for members-only resources, pre-launch previews, beta access pages, or any bio page you want to keep private.

This guide walks you through enabling password protection, explains how it works behind the scenes, and shows you how to remove it when you're ready to go public.

Note: You need an existing bio page to follow these steps. If you haven't created one yet, set up your bio page first, then return here.

Set a password on your bio page

  1. Open your dashboard at www.1smart.link and navigate to Bio Pages.
  2. Select the bio page you want to protect, then click Edit to open the BioLink Builder.
  3. Click Settings → Advanced.
  4. Find the Password protection field.
  5. Enter the password you want visitors to use.
  6. Click Save.

That's it. Your bio page is now password-protected. The plain-text password is hashed immediately on save — you will not be able to view it again in the settings panel. Make a note of the password somewhere safe so you can share it with the people who need access.

What your visitors see

When someone visits a password-protected bio page, they are presented with a branded gate page instead of the bio page content. The gate page:

  • Matches your bio page's theme colours, so it feels like a natural part of your brand.
  • Displays your hero image in a circle with a lock icon, making it clear that access is restricted.
  • Shows a single password input field and a submit button.

Once the visitor enters the correct password, they are taken straight through to the full bio page.

How the password cookie works

After a visitor enters the correct password, a cookie is set in their browser so they don't need to re-enter the password on every visit. Here's how that works:

  • The cookie is named pw_{slug}, where {slug} is the unique slug of your bio page.
  • The cookie is valid for 7 days. During that window, the same visitor on the same browser can access the page without being prompted again.
  • The cookie value is a truncated SHA-256 hash — it does not contain or leak the actual password.
  • After 7 days, the cookie expires and the visitor will need to enter the password again.

Tip: If a visitor clears their browser cookies or switches to a different device, they will be asked for the password again regardless of whether the 7-day window has elapsed.

How your password is stored

Your password is never stored in plain text. When you click Save, the server hashes it using bcrypt — a one-way hashing algorithm designed specifically for passwords. This means:

  • Nobody (including you) can retrieve the original password from the stored hash.
  • If you forget the password, you'll need to set a new one rather than look up the old one.

Remove password protection

When you're ready to make your bio page public again, you don't simply delete the password field — you enter a specific sentinel value that tells the system to clear the stored hash.

  1. Open the bio page in the BioLink Builder.
  2. Click Settings → Advanced.
  3. In the Password protection field, enter exactly: __CLEAR__ (with double underscores before and after the word CLEAR).
  4. Click Save.

The password hash is removed and your bio page is immediately accessible to everyone without a password.

Warning: Entering __CLEAR__ is irreversible. If you want to re-protect the page later, you will need to set a brand-new password.

Important limitations

Password protection controls visibility only. It does not encrypt the underlying page content, and it does not automatically hide the page from search engine crawlers. Keep these points in mind:

  • If you have allowed search engine indexing on the bio page, bots may still attempt to crawl it. The gate page will block them from seeing the content, but the page URL could still appear in search results.
  • For strictly private content, avoid sharing the URL publicly and consider disabling bot indexing in your page settings if that option is available.
  • The password gate does not replace access-control systems for highly sensitive data. It is designed for lightweight content restriction.

Troubleshooting

Visitor says the password isn't working

Double-check that you're sharing the exact password you entered before saving. Remember, you cannot retrieve the stored password — if there's any doubt, set a new password and share the updated one.

Visitor is being asked for the password again within 7 days

This usually means they cleared their browser cookies or are using a different browser or device. Each browser and device stores its own pw_{slug} cookie independently.

Related articles

  • Article #9
  • Article #16
  • Article #42
Was this article helpful?