Made to Order Software Corporation Logo

Protected Node Global Settings

The protected node module has global settings found under:

Administer » Site configuration » Protected node

Protected node Statistics

The page starts with statistics to let you know how pages are protected on your website. All the counts include published and unpublished content.

  • Total nodes — the total number of nodes on your website
  • Unprotected nodes — number of nodes that do not have a password
  • Protected nodes — number of nodes that are current protected by a password
    • Showing title — number of nodes showing their title
    • Hiding title — number of nodes hiding their title
    • Global passwords — nodes that make use of the global password
    • Node passwords — nodes that use their own password

Protected node security

The following field set includes security features. Any settings are secure, it is to allow you to tweak the security functions of the Protected node module to better match your needs.

Global password handling

The default is Per node password. This means the global password is not made available at all. Whether you enter a global password is not significant.

The Per node password or Global password option gives you the ability to protect nodes without having to enter a password each time. This is quite practical if you work with other moderators out of which a small group make use of specific password, and the rest can use the global password.

The Global password only selection entirely removes the need to enter a password on a per node basis. Obviously, this means that all the protected nodes make use of the exact same password. However, if you have a policy that requires you to frequently change the password, that could save your day.


The global password is ignored, and the node password is required, if the author of the password is the anonymous user. This is important since many different people can be the anonymous user. In this special case the system always reacts as if this setting was Per node password.


It is important to note that the use of the Global Password is contradictory to using the password fork feature. The password fork expects a different password on each of the node you are trying to access.

Global password

Enter the global password twice if you make a selection that require a global password. Note that once you setup a password it cannot be removed from the interface. It will not be necessary to enter the password each time you change the settings.

This field makes use of the Drupal Core JavaScript functions to show you how safe the Global password is (weak, medium, strong, etc.)

Show password strength in nodes

By default the module only shows the regular two password fields in a node you are protecting. Both fields must include the same password to be able to save the node.

When this flag is turned on, the Protected node module adds the JavaScript code from Drupal Core that shows the users whether their password is weak, medium or strong.

This can cause some unwanted side effects (conflicts with other modules) so if you run into problems with this feature, turn it off.

Show node titles by default

When you protect a node, it is expected that the content of the node is secret but to those who know the password.

This flag gives permission to the Protected node module to display the title of the node (for example, with a photo album, it may be fine to show the name to the users so they know that they are trying to access the right album.)


The features in the next field set give you access to Tokens. These tokens can be used to include information about the node in the password form generated by the Protected node module. The tokens can be used to show the entire content of the node! Also, this flag does not prevent you from making use of the [node-title] token.

Protected node email support

I introduced a basic email functionality that will send the password to the people listed in the provided box.

Email node information

Enter the size of the text area used to enter the list of emails.

The size must be a width an X letter followed by the height.

For example: 60x5

Clear this field to remove the email functionality.


Remember that spammers love to send emails from other people websites. Make sure to restrict access to this functionality so anonymous users or even the most basic registered users cannot send emails.

From email address

By default, the From: parameter is set to the content of the site mail variable.

This field let you enter a different email address (i.e.

Email subject

Enter your own email subject. The system provides a default in case you don't enter your own. You may not like the default and it may not be translated.

Email content

The email body that supports tokens. The Protected node module provides a few tokens of its own. In this case, you may particularly interested by the [node-password] token.

Note that like the form, you can use any node token and show anything you want to your users. Be careful.

The list of available tokens is shown at the bottom of the Protected node form field set (i.e. next field set.)

Generate a random password if necessary


This option gives permission to the Protected node module to generate a password if you don't enter one when saving the node.

When this flag is off and emails are entered, the user is required to enter a password because the one in the database is encrypted. In other words, we could not send the password to the users listed in the node and the email is likely useless (unless you offer the view protected content permission.)

Protected node form

Whenever a user reaches a node that is protected by a password, one is sent to a form and asked for the top secret password.

That form includes a title, a main description, a field set with another description, the password field, and a submit button. This form can be tweaked as presented below.

Always add a cancel link

This flag can be selected to always show the users a Cancel link next to the Submit button. This is generally a good idea.

By default, the cancel link points back to where the user came from. This only works if the browser sent us a referrer URL when the user first tried to access the protected content. Obviously, if you gave a direct link for your users to enter in their browser, there will be no referrer. Also, many browsers don't give away foreign websites (i.e. if you click on a link on another website that points to one of your pages, then it is likely that your browser will not tell you anything about that foreign website.)

When no referrer was defined, the Cancel link points to your front page.

Password page title

The title of the page. It supports tokens (i.e. [node-title]).

Password page general information

This description appears right before the password field set. It may be made empty to remove the field.

Password page description (inside the field set)

This description appears inside the password field set, right before the two password text fields.

Password field label on password page

This is the label appearing before the two passwords. It is not possible to change the other two fields (Password & Confirm password).

Protected node actions

Mass actions on nodes in regard to the protected node features. This should be extended to include functions in the Content page, but for now, it's here and always acts on all nodes or a subset defined by the protected flag or existing passwords.

The sub-field sets are there to prevent you from clicking on the wrong button too often. Remember that since these functions are applied against all the nodes of your website, if you don't have a backup, you may lose valuable information.

Clear sessions

This version of the module let you clear all the sessions.


The function really just saves the current date as the deadline date used to know whether a password was entered a long time ago. For this reason, you will notice that this is extremely fast, even on very large websites.

Reset passwords

When you create nodes making use of the Global password and at some point want to remove the Global password functionality. This mass reset passwords is very useful in this case. It sets a node password to all the nodes that were using the Global password.

Note that this function doesn't touch the existing passwords, it only sets passwords where missing.

Use global password

This function resets all the passwords to make use of the global password. This is useful if you change your mind and decide that all your protected nodes should use the Global password.

Note that to change all the passwords of all your protected nodes, you may first clear them with this action, and then use the Reset passwords action to set the password on all protected nodes. It is one way to change the password on all your nodes, but it's a bit drastic!


This erase all the existing passwords. Be very careful when using this action.

Remove protection

This function clears the This <node-type> is protected flag from all your nodes.

This means no more nodes will then be protected. Be very careful with this function!

Protect nodes

This function transform your entire website in a protected website. All your nodes will require a password to access them.

Note that special pages (non-nodes) are not currently protected by this module. For example, your contact page, views, PAD file pages, etc. remain publicly accessible.

This action requires you to create a Global password. However, the system will not generate an error if you did not turn on the Global password functionality. It is your responsibility. Without turning on the Global password, all your nodes will be inaccessible since no password can be matched.

Restore protection

If somehow some of your nodes with a password got unprotected, this function can be used to re-protect them.

In a way, this is similar to Protect nodes, but it is limited to nodes that had a password. This means it will not protect nodes that were protected with the Global password.

Note that nodes that have a node type set to Never protected will still not be protected whether they had a password defined or not.