Saving HTML Code in Wordpress

Hello everyone

I have installed Wordpress on my website. When i want to add a block with individual HTML Code and save it, it never saves. But with the preview everything works.

Does someone know why this is happening?

Thank you
Keaddy

Hello, and Welcome to the InfinityFree Forum!

Usually, WordPress does save the HTML code. This is odd. What is the HTML code you are trying to save into WordPress?

(To keep the HTML code formatted, use the </> button)

3 Likes
<div id="fresspaeckchen-container" style="max-width: 500px; margin: 40px auto; padding: 30px; border-radius: 12px; box-shadow: 0 4px 12px rgba(0,0,0,0.1); font-family: sans-serif;">
  <h2 style="text-align: center;">Feldpost senden 🪖🫡</h2>
  <p style="text-align: center;">Gib das Passwort ein, um meine Adresse zu sehen:</p>

  <input type="password" id="milpass" placeholder="Passwort eingeben..." style="width: 100%; padding: 12px; margin-top: 10px; border-radius: 8px; border: 1px solid #ccc; font-size: 16px;">

  <button onclick="checkPassword()" style="margin-top: 15px; width: 100%; padding: 12px; background-color: #2c3e50; color: white; border: none; border-radius: 8px; font-size: 16px; cursor: pointer;">
    Bestätigen
  </button>

  <div id="address-box" style="display: none; margin-top: 25px; background-color: #f6f6f6; padding: 20px; border-radius: 8px; border: 1px solid #ddd;">
    <strong>Feldpost-Adresse:</strong><br>
    Bla bla<br> 
    Blabla<br> 
    1000 Bla<br> 
  </div>

  <p id="error-message" style="color: red; margin-top: 10px; display: none;">Falsches Passwort. Versuch's nochmal.</p>
</div>

<script>
  function checkPassword() {
    const correctPassword = "defaultpw"; // Passwort hier festlegen 
    const input = document.getElementById("milpass").value;
    const addressBox = document.getElementById("address-box");
    const errorMessage = document.getElementById("error-message");

    if (input === correctPassword) {
      addressBox.style.display = "block";
      errorMessage.style.display = "none";
    } else {
      addressBox.style.display = "none";
      errorMessage.style.display = "block";
    }
  }
</script>   

I tested this code in one of my WordPress installations.

The result: Code works in Draft. Code works in Published. Code took 7 seconds to save. TestImage, in English (I can’t read German):


I also tested to see if the action after entering the password works (the password is within your code. Cool, but insecure in certain applications) and it works in both Draft and in Published.

What happens when you try to save the code? If possible, can you provide screenshots?

Before you test again and send screenshots, Clear your Browser Cache for your site. Sometimes, this is the culprit.

3 Likes

just cleared the cache for my browser. Issue is still there and this is the message i keep getting when i try to save:

Uploading: Bildschirmfoto 2025-05-04 um 18.11.58.png…


translation: The update has failed. The article could not be updated in the database

What’s your website’s URL?

Also, what is on the WordPress Page that fails to save? Is it just the HTML code, or are there more elements? What is the WordPress Page’s name?

nothing is on the page, i created a new one also tried to delete everything and just leave the hmtl code there.

twonet.ch if you could have a look. currently theres just a template on it because i cant save the html :wink:

Unanswered:

Also, nice URL!

Very Odd! Another Question: What Template are you using? When I tested your code, I used WordPress’s Twenty-Twenty-Five theme.

Oh sorry, its just named “Feldpost”

I also tried another theme don’t know if it was the 2025 theme. Will try it now with the 2025 theme.
At the moment the 2024 theme is installed

now i don’t get the error message, it just says it has saved it. But if I reload the site it isn’t there. Same if i view it directly on the site not with the editor.


That’s all I see.

Also, I created a WordPress Twenty-Twenty-Four page, and it works:

Are you using any plugins on your site?

they were some plugins but deactivated (AntiSpam and other). Deleted them all and it’s still not working.

I deleted the wordpress installtion and reinstalled it. Works now.

Do you can help me now how i make this safe?

The usual way to validate passwords safely is to send it to the server and check it there. You can do that with PHP code on our hosting, either as a standalone PHP script or maybe a WordPress plugin.

4 Likes

MOD NOTE: THIS IS UNSAFE AND NOT GOOD PRACTICE. NEVER store passwords in plaintext for any reason whatsoever

I found a way to allow PHP validation, but you will need FTP access. The File Manager is fine, however it’s recommended to use FileZilla.

  1. Navigate to /twonet.ch/htdocs/wp-content/
  2. Create a folder named feldpost and go into it
  3. Create a file named check-password.php, and paste the following:
<?php
header('Content-Type: application/json');

$input = json_decode(file_get_contents('php://input'), true);
$submittedPassword = $input['password'] ?? '';

$valid = false;
$address = "Bla bla\nBlabla\n1000 Bla";

if (($handle = fopen("passwords.csv", "r")) !== false) {
    $first = true;
    while (($data = fgetcsv($handle, 1000, ",")) !== false) {
        if ($first) { $first = false; continue; }
        $csvPassword = trim($data[0]);
        if ($submittedPassword === $csvPassword) {
            $valid = true;
            break;
        }
    }
    fclose($handle);
}

if ($valid) {
    echo json_encode(["success" => true, "address" => $address]);
} else {
    echo json_encode(["success" => false]);
}
?>
  1. Create a passwords.csv.txt file, and insert the following:
password
(your password here)
  1. Rename to passwords.csv
  2. In your WordPress editor, insert this into your HTML code block:
<div id="fresspaeckchen-container" style="max-width: 500px; margin: 40px auto; padding: 30px; border-radius: 12px; box-shadow: 0 4px 12px rgba(0,0,0,0.1); font-family: sans-serif;">
  <h2 style="text-align: center;">Feldpost senden 🪖🫡</h2>
  <p style="text-align: center;">Gib das Passwort ein, um meine Adresse zu sehen:</p>

  <input type="password" id="milpass" placeholder="Passwort eingeben..." style="width: 100%; padding: 12px; margin-top: 10px; border-radius: 8px; border: 1px solid #ccc; font-size: 16px;">
  <button onclick="checkPassword()" style="margin-top: 15px; width: 100%; padding: 12px; background-color: #2c3e50; color: white; border: none; border-radius: 8px; font-size: 16px; cursor: pointer;">
    Bestätigen
  </button>

  <div id="address-box" style="display: none; margin-top: 25px; background-color: #f6f6f6; padding: 20px; border-radius: 8px; border: 1px solid #ddd;"></div>
  <p id="error-message" style="color: red; margin-top: 10px; display: none;">Falsches Passwort. Versuch's nochmal.</p>
</div>

<script>
  async function checkPassword() {
    const input = document.getElementById("milpass").value;
    const addressBox = document.getElementById("address-box");
    const errorMessage = document.getElementById("error-message");

    const response = await fetch('/wp-content/feldpost/check-password.php', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ password: input })
    });

    const result = await response.json();

    if (result.success) {
      addressBox.innerHTML = `<strong>Feldpost-Adresse:</strong><br>${result.address.replace(/\n/g, '<br>')}`;
      addressBox.style.display = "block";
      errorMessage.style.display = "none";
    } else {
      addressBox.style.display = "none";
      errorMessage.style.display = "block";
    }
  }
</script>

If done correctly:

  1. The prompt will still appear
  2. Your password should authenticate with success, others should fail.
  3. Your address (stored in check-password.php) should print.

Quick Note: If you want to replace the address in the check-password.php code, Every time you want something on a new line

like this, use \n in between. Like this: I am\nthe one\nwho helped\nyou

Also, if you want to change the password, rename the .csv file to a .csv.txt file, open it in a text editor, and change the password. Reverse the name change when you’re done.

Lastly, to avoid a password leak, in the directory the PHP and CSV file is stored (/twonet.ch/htdocs/wp-content/feldpost/), create a .htaccess file and add the following: Deny from all

No no no

NEVER store passwords in plaintext. You also just publicly shared the file location that anyone can access to reveal the saved passwords (yes you have .htaccess there, but that does not protect against hacks, exploits, and mis-configuration)

Encrypt passwords, ALWAYS.

6 Likes

You do know that this will also cause the API endpoint to become inaccessible?

I also don’t know what’s the purpose of this step, you can just open a csv file with a text editor directly.

6 Likes

So can someone please provide me an step by step guide how to make it safer? I know how IT works but only System Engineering. I don’t know much about coding.

If you just want to get results quickly and don’t want to do too much coding, maybe you can find an existing WordPress plugin that does what you need? There are various plugins that can do password protection for pages, which are all probably more secure and easier to use than what you have now.

2 Likes