diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
index 52c84e1..2749b12 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
@@ -419,6 +419,8 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
 			'readonly'        => true,
 		);
 
+		unset( $schema['properties']['password'] );
+
 		return $schema;
 	}
 
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
index a9d8f3c..ad7c4e0 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -1948,14 +1948,14 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 				'type'        => 'boolean',
 				'context'     => array( 'view', 'edit' ),
 			);
-
-			$schema['properties']['password'] = array(
-				'description' => __( 'A password to protect access to the content and excerpt.' ),
-				'type'        => 'string',
-				'context'     => array( 'edit' ),
-			);
 		}
 
+		$schema['properties']['password'] = array(
+			'description' => __( 'A password to protect access to the content and excerpt.' ),
+			'type'        => 'string',
+			'context'     => array( 'edit' ),
+		);
+
 		if ( 'page' === $this->post_type ) {
 			$schema['properties']['template'] = array(
 				'description' => __( 'The theme file to use to display the object.' ),
diff --git a/tests/phpunit/tests/rest-api/rest-pages-controller.php b/tests/phpunit/tests/rest-api/rest-pages-controller.php
index 29f050f..2ce9afe 100644
--- a/tests/phpunit/tests/rest-api/rest-pages-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-pages-controller.php
@@ -358,12 +358,78 @@ class WP_Test_REST_Pages_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->assertEquals( 0, $new_data['menu_order'] );
 	}
 
+	public function test_get_page_with_password() {
+		$page_id = $this->factory->post->create( array(
+			'post_type'     => 'page',
+			'post_password' => '$inthebananastand',
+		) );
+
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) );
+		$response = $this->server->dispatch( $request );
+
+		$data = $response->get_data();
+		$this->assertEquals( '', $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
+		$this->assertEquals( '', $data['excerpt']['rendered'] );
+		$this->assertTrue( $data['excerpt']['protected'] );
+	}
+
+	public function test_get_page_with_password_using_password() {
+		$page_id = $this->factory->post->create( array(
+			'post_type'     => 'page',
+			'post_password' => '$inthebananastand',
+			'post_content'  => 'Some secret content.',
+			'post_excerpt'  => 'Some secret excerpt.',
+		) );
+
+		$page = get_post( $page_id );
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) );
+		$request->set_param( 'password', '$inthebananastand' );
+		$response = $this->server->dispatch( $request );
+
+		$data = $response->get_data();
+		$this->assertEquals( wpautop( $page->post_content ), $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
+		$this->assertEquals( wpautop( $page->post_excerpt ), $data['excerpt']['rendered'] );
+		$this->assertTrue( $data['excerpt']['protected'] );
+	}
+
+	public function test_get_page_with_password_using_incorrect_password() {
+		$page_id = $this->factory->post->create( array(
+			'post_type'     => 'page',
+			'post_password' => '$inthebananastand',
+		) );
+
+		$page = get_post( $page_id );
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) );
+		$request->set_param( 'password', 'wrongpassword' );
+		$response = $this->server->dispatch( $request );
+
+		$this->assertErrorResponse( 'rest_post_incorrect_password', $response, 403 );
+	}
+
+	public function test_get_page_with_password_without_permission() {
+		$page_id = $this->factory->post->create( array(
+			'post_type'     => 'page',
+			'post_password' => '$inthebananastand',
+			'post_content'  => 'Some secret content.',
+			'post_excerpt'  => 'Some secret excerpt.',
+		) );
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) );
+		$response = $this->server->dispatch( $request );
+		$data = $response->get_data();
+		$this->assertEquals( '', $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
+		$this->assertEquals( '', $data['excerpt']['rendered'] );
+		$this->assertTrue( $data['excerpt']['protected'] );
+	}
+
 	public function test_get_item_schema() {
 		$request = new WP_REST_Request( 'OPTIONS', '/wp/v2/pages' );
 		$response = $this->server->dispatch( $request );
 		$data = $response->get_data();
 		$properties = $data['schema']['properties'];
-		$this->assertEquals( 21, count( $properties ) );
+		$this->assertEquals( 22, count( $properties ) );
 		$this->assertArrayHasKey( 'author', $properties );
 		$this->assertArrayHasKey( 'comment_status', $properties );
 		$this->assertArrayHasKey( 'content', $properties );
@@ -379,6 +445,7 @@ class WP_Test_REST_Pages_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->assertArrayHasKey( 'modified', $properties );
 		$this->assertArrayHasKey( 'modified_gmt', $properties );
 		$this->assertArrayHasKey( 'parent', $properties );
+		$this->assertArrayHasKey( 'password', $properties );
 		$this->assertArrayHasKey( 'ping_status', $properties );
 		$this->assertArrayHasKey( 'slug', $properties );
 		$this->assertArrayHasKey( 'status', $properties );
diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php
index 3365f77..1a8545b 100644
--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -770,7 +770,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->check_get_post_response( $response, 'view' );
 
 		$data = $response->get_data();
+		$this->assertEquals( '', $data['content']['rendered'] );
 		$this->assertTrue( $data['content']['protected'] );
+		$this->assertEquals( '', $data['excerpt']['rendered'] );
 		$this->assertTrue( $data['excerpt']['protected'] );
 	}
 
@@ -790,7 +792,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 
 		$data = $response->get_data();
 		$this->assertEquals( wpautop( $post->post_content ), $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
 		$this->assertEquals( wpautop( $post->post_excerpt ), $data['excerpt']['rendered'] );
+		$this->assertTrue( $data['excerpt']['protected'] );
 	}
 
 	public function test_get_post_with_password_using_incorrect_password() {
@@ -817,8 +821,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$data = $response->get_data();
 		$this->check_get_post_response( $response, 'view' );
 		$this->assertEquals( '', $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
 		$this->assertEquals( '', $data['excerpt']['rendered'] );
-
+		$this->assertTrue( $data['excerpt']['protected'] );
 	}
 
 	public function test_get_item_read_permission_custom_post_status() {