I can't remember the password, what to do?
Go to /application/config/generated_overrides/site_password/settings.php to remove the password or to disable the add-on.

Is the password stored encrypted?
Yes, using the same hashing mechanism as regular user passwords.

Where can I find the settings page?
Dashboard > System & Settings > Permissions & Access > Site Password.

My IP address is blocked, what can I do?
This safety mechanism protects the site against brute force attacks. If your IP has been blocked because a wrong password was submitted several times, you'd try to log in via a different IP address (e.g. from a different pc / network) or you'd go into a database manager and delete the IP address from the 'FailedLoginAttempts' table.

How can I customize the layout?
You can copy the file from packages/site_password/views/site_password/site_password_login.php to application/views/site_password/site_password_login.php. Make sure you clear the 'overrides' cache via the 'Clear Cache' page. Once that is done, you can change the HTML / CSS as you'd like.

Does it work in combination with Full Page Caching?
Yes.

Is it possible to restrict access only for a selected number of pages?
This use case is currently not supported. Mainly because the middleware runs before the whole request is processed, meaning that in that moment of time we wouldn't have access to the current Page object, for example.

How does it technically work?
A middleware class checks whether a session variable exists. If not, the visitor is served with a login form response. The form is not shown if: 1) The add-on is disabled, 2) The password has not been set up, 3) The visitor is already authenticated via C5, 4) The visitor logged in successfully.