The latest entered password is stored as a secure hash in a cookie named 'wp-postpass_' . COOKIEHASH.

When the password form is called, that cookie has been validated already by WordPress. So you just have to check if that cookie exists: If it does and the password form is displayed, the password was wrong.

add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' ); /** * Add a message to the password form. * * @wp-hook the_password_form * @param string $form * @return string */ function wpse_71284_custom_post_password_msg( $form ) {  // No cookie, the user has not sent anything until now. if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) return $form; // We have a cookie, but it doesn’t match the password. $msg = '<p class="custom-password-message">Sorry, your password didn’t match.</p>'; return $msg . $form; } 

The latest entered password is stored as a secure hash in a cookie named 'wp-postpass_' . COOKIEHASH.

When the password form is called, that cookie has been validated already by WordPress. So you just have to check if that cookie exists: If it does and the password form is displayed, the password was wrong.

add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' ); /** * Add a message to the password form. * * @wp-hook the_password_form * @param string $form * @return string */ function wpse_71284_custom_post_password_msg( $form ) { // No cookie, the user has not sent anything until now. if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) return $form; // Translate and escape. $msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' ); // We have a cookie, but it doesn’t match the password. $msg = "<p class='custom-password-message'>$msg</p>"; return $msg . $form; } 

The latest entered password is stored as a secure hash in a cookie named 'wp-postpass_' . COOKIEHASH. When the password form is called, that cookie has been checked already by WordPress. So you just have to check if that cookie exists:

add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' ); /** * Add a message to the password form. * * @wp-hook the_password_form * @param string $form * @return string */ function wpse_71284_custom_post_password_msg( $form ) { if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) )   {  return $form; } // We have a cookie, but it doesn’t match the password. $msg = '<p class="custom-password-message">Sorry, your password didn’t match.</p>'; return $msg . $form; } 

The latest entered password is stored as a secure hash in a cookie named 'wp-postpass_' . COOKIEHASH. 

When the password form is called, that cookie has been validated already by WordPress. So you just have to check if that cookie exists: If it does and the password form is displayed, the password was wrong.

add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' ); /** * Add a message to the password form. * * @wp-hook the_password_form * @param string $form * @return string */ function wpse_71284_custom_post_password_msg( $form ) {   // No cookie, the user has not sent anything until now. if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) return $form; // We have a cookie, but it doesn’t match the password. $msg = '<p class="custom-password-message">Sorry, your password didn’t match.</p>'; return $msg . $form; }