Password-protect a short link

Add a password to any short link. Visitors enter it on a branded prompt page before the redirect, and are remembered for a day.

Some links aren't for everyone who finds the URL. Press kits, paid downloads, private campaign assets, beta access pages, internal team links — anything you'd rather not see scraped or shared on a public Slack.

Password protection puts a prompt page in front of the destination. Scanners and clickers see your prompt, type the password, and only then get redirected. Get it wrong and they stay on the prompt. Get it right and a cookie remembers them for 24 hours, so they don't see the prompt every time they hit the link that day.

The prompt page is yours, not the destination's. Pick the theme that fits your brand, write the prompt subtitle, done. The destination only loads after the password's right.

What you can do

Turn it on for a link

  1. Find the short link you want to protect and click into it.

  2. Find Password protection.

    Scroll the right-rail edit form. The Password protection card sits between Social preview and Tracking pixels.

  3. Flip "Require a password" on.

    The settings appear: password input, subtitle, theme tiles.

  4. Type the password.

    Any characters. The status pill at the top of the card turns green when it's saved.

  5. Walk away.

    No save button to click. The pill in the bottom-right of the page says "Saved" when the change lands.

The status pill is the truth. Green means the link is protected right now. Red means the toggle is on but no password has been typed — visitors would still get straight through.

Pick a theme

Three options. The page renders edge-to-edge so the only thing the visitor sees is your prompt.

  • Light — white background, black prompt. Reads neutral, fits most brands.
  • Dark — near-black background, mint accent on the unlock button. Looks deliberate against a colourful destination.
  • Mint — full-bleed mint background. The most opinionated of the three; great for one-off launches or events where you want to lean in.

The theme picker shows three tiles. Click the one you want. The page subtitle field underneath lets you write one line of context — "Enter the password to continue.", "Type the code from the invite email.", or whatever fits the moment.

What visitors see

The prompt page is a single column on a coloured background. Title at the top (the link's name from the dashboard), the subtitle you wrote, a password input, and an unlock button. That's it. No nav, no footer, no "Powered by" line on paid plans. On free, the "Powered by Linked.Codes" lockup sits in the footer.

Get it right and the page redirects to your destination. A cookie tagged to that link goes onto the visitor's browser, valid 24 hours. Next time they hit the same short URL in the same browser, they go straight through.

Get it wrong and the page reloads with a short error and keeps the cursor in the field. There's no rate limit on attempts today — pick a password that's hard enough to guess on its own.

Search engines see the prompt, not the destination. The prompt page is automatically marked `noindex` so the protected URL never lands in Google with the destination's title or description.

Change the password

Open the link, change the value in the password input, walk away. The new one saves the same way the first one did. Any visitor who already passed the old password is kicked out — their 24-hour cookie no longer matches and they see the prompt again.

This is how you handle staff turnover, a leak, or just a quarterly rotation: change it once in the dashboard, and every existing cookie is invalidated the same minute.

Turn it back off

Flip the "Require a password" toggle off. The settings collapse, the password and subtitle clear server-side, and the link becomes public again. Visitors don't see the prompt anymore. The old password is gone — turning the toggle back on later asks for a new one.

Combine with other settings

FAQ

Can I see who unlocked the link?

Analytics counts successful unlocks like normal clicks — date, referrer, country (when available). It doesn't capture identities or attempted-but-failed unlocks.

Is there a limit on how long the password can be?

Up to 200 characters. Anything sensible works — words, sentences, random strings.

What about brute force?

The prompt has no built-in rate limit today. Pick something a bot can't guess in a hundred tries — six or seven random characters, or a short phrase. We'll add explicit throttling when there's a reason to.

Does the 24-hour cookie work across devices?

No — cookies are per-browser. Phone and laptop count as separate; each needs to unlock once.

Can I share the unlocked URL by sending the cookie?

No. The cookie is signed against the password hash, so it can't be transferred to another browser. The only way to give access is to share the password.
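
The unlock cookie described under "Change the password" and in the answer above, as an added sketch that is not Linked.Codes' own code: it assumes an HMAC over the link id and expiry, keyed from the stored password hash plus a server secret, and shows the 24-hour expiry and why a password change rejects every earlier cookie. All function names, the PBKDF2 parameters, the cookie layout and the sample values are assumptions.

```python
import hashlib
import hmac
import os

TTL = 24 * 3600               # cookie lifetime from the page: 24 hours
SERVER_KEY = os.urandom(32)   # assumption: secret held only by the server


def hash_password(password: str, salt: bytes) -> bytes:
    """Per-link stored hash (PBKDF2 parameters are illustrative)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _sign(link_id: str, expires: int, pw_hash: bytes) -> bytes:
    # The key depends on the current password hash, so rotating the password
    # changes the key and every previously issued signature stops verifying.
    key = hmac.new(SERVER_KEY, pw_hash, hashlib.sha256).digest()
    msg = f"{link_id}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest().encode()


def issue_cookie(link_id: str, pw_hash: bytes, now: int) -> str:
    """Called after a correct password; the cookie is bound to one link."""
    expires = now + TTL
    return f"{link_id}.{expires}.{_sign(link_id, expires, pw_hash).decode()}"


def verify_cookie(cookie: str, link_id: str, pw_hash: bytes, now: int) -> bool:
    """True only for an unexpired cookie signed under the current hash."""
    try:
        c_link, c_exp, c_sig = cookie.split(".")
        expires = int(c_exp)
    except ValueError:
        return False                      # malformed cookie
    if c_link != link_id or now >= expires:
        return False                      # other link, or older than 24 h
    return hmac.compare_digest(c_sig.encode(), _sign(link_id, expires, pw_hash))


if __name__ == "__main__":
    salt = b"constructed-salt"            # constructed sample values
    old_hash = hash_password("press-kit-launch", salt)
    cookie = issue_cookie("abc123", old_hash, now=1_000)
    print(verify_cookie(cookie, "abc123", old_hash, now=2_000))
    new_hash = hash_password("rotated-phrase", salt)
    print(verify_cookie(cookie, "abc123", new_hash, now=2_000))
```
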