[wp-trac] [WordPress Trac] #64810: A password protected post can be sticky but sometimes this behaviour is forbidden.

WordPress Trac noreply at wordpress.org
Thu Mar 5 11:45:53 UTC 2026 

#64810: A password protected post can be sticky but sometimes this behaviour is
forbidden.
-------------------------+-------------------------------------------------
 Reporter:               |      Owner:  (none)
  clementpolito          |
     Type:  defect       |     Status:  new
  (bug)                  |
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  General      |    Version:  6.9.1
 Severity:  normal       |   Keywords:  needs-patch 2nd-opinion has-
  Focuses:               |  screenshots
-------------------------+-------------------------------------------------
 A password protected post can be sticky, in several ways, but sometimes it
 is forbidden.

 **With Block Editor**
 When working on a post, I can check the ‘Password Protected’ and ‘Sticky’
 boxes at the same time.
 But if I set a password and save, I get the error message :

 Creating a new post
 {{{
 Publishing failed. A post can not be sticky and have a password.
 }}}

 Updating a post
 {{{
 Updating failed. A sticky post cannot be password protected.
 }}}

 **Quick Edit**
 When using quick edit, I can set both at the same time (Password Protected
 and Sticky)

 **With Classic Editor 1.6.7
 **With the classic editor, in the UI, I cannot set a password-protected
 post as Sticky because "Password protected" is only available as an sub-
 option of Public page.


 **In REST API**
 I get an Error 400 :

 {{{
 curl --request POST \
   --url 'https://zip-website.ddev.site/wp-
 json/wp/v2/posts?title=sticky%20bis&password=123456&sticky=true' \
   --header 'authorization: Basic
 cGxsLWFkbWluOnY0WkUgZUxwYSBGVktaIGJUSGMgcUJjMiBadmJs'
 }}}

 Answer :

 {{{
 {
   "code": "rest_invalid_field",
   "message": "A post can not be sticky and have a password.",
   "data": {
     "status": 400
   }
 }
 }}}


 Can we improve the UI in the editor so that we don't have the two possible
 options?
 Can we standardise the behaviour so that it is blocked everywhere or
 accepted everywhere?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64810>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list