Password protected posts have too long lifespan
|Reported by:||Clorith||Owned by:|
When creating a password protected post the access permissions are stored with cookies using wp-pass.php which defaults to 10 days.
This is too long of a lifetime for a protected page as subsequent visits within that timeframe allows anyone access to the protected content.
Ideally this should be a user definable value, either set per post, or on a global level for that WP instance.