This is just a note to self so I don’t forget in future. I was messing around with passworded posts (my customised theme checks to see if a post is passworded and, if so, displays a generic “Password Protected” title rather than the actual title. However, this was still leaking the title through the URL so I added a filter on wp_insert_post_data
in order to change the post-slug as well). I thought my messing had broken something mysteriously (despite the database looking OK and not being able to see how). Eventually a Google search revealed that somewhere between my last testing password functionality and my messing WordPress must have upgraded. This changed how passwords are handled (explanation is here for example). In short, instead of the password form passing to wp-pass.php
it must pass to wp-login.php?action=postpass
instead. Changing my custom password form fixed the problem; my messing hadn’t broken anything that wouldn’t have broken anyway!