From 1bd11f0e084b5a520626c781737e405cde4ed4d9 Mon Sep 17 00:00:00 2001
From: Herve Labas <herve@checklyhq.com>
Date: Thu, 12 Mar 2026 18:43:21 +0100
Subject: [PATCH] docs: add Status Page password protection documentation

New dedicated page covering enabling, rotating, and disabling
password protection on status pages, plus visitor experience
and operational caveats. Adds sidebar nav entry and cross-link
from the Creating a Status Page guide.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .../status-pages/creating-a-status-page.mdx   |  4 ++
 .../status-pages/password-protection.mdx      | 50 +++++++++++++++++++
 docs.json                                     |  1 +
 3 files changed, 55 insertions(+)
 create mode 100644 communicate/status-pages/password-protection.mdx

diff --git a/communicate/status-pages/creating-a-status-page.mdx b/communicate/status-pages/creating-a-status-page.mdx
index a45ab4f2..614c145a 100644
--- a/communicate/status-pages/creating-a-status-page.mdx
+++ b/communicate/status-pages/creating-a-status-page.mdx
@@ -12,3 +12,7 @@ To set up a Status Page, select ‘New status page’ on the [Status page overvi
 5. When you are happy with your setup, click ‘Create status page.’ You will now see a preview of your page, and a link to the public version of the page below the title.
 
 You can now share the link to your Status Page, and your users can subscribe to receive notifications when incidents are posted!
+
+<Tip>
+You can restrict access to your status page so only authorized users can view it. See [Password Protection](/communicate/status-pages/password-protection) for details.
+</Tip>
diff --git a/communicate/status-pages/password-protection.mdx b/communicate/status-pages/password-protection.mdx
new file mode 100644
index 00000000..7c2629a2
--- /dev/null
+++ b/communicate/status-pages/password-protection.mdx
@@ -0,0 +1,50 @@
+---
+title: 'Password Protection'
+description: 'Restrict access to your status page by requiring a password, so only authorized users can view your service health and incidents.'
+sidebarTitle: 'Password Protection'
+---
+
+<Note>
+Password protection is available as a Communicate Team add-on. [View pricing](https://checklyhq.com/pricing)
+</Note>
+
+Password protection makes your status page private. Visitors must enter a password before they can view service health, uptime data, or incidents. This is useful when your status page contains sensitive operational information intended for internal teams or select customers.
+
+## Enabling password protection
+
+1. Open your status page from the [Status Pages overview](https://app.checklyhq.com/status-pages).
+2. In the status page settings, enable the **Private** toggle.
+3. A password is automatically generated. Copy it and store it somewhere safe — it is only displayed once.
+4. Save your status page.
+
+Your status page now requires a password to access. Share the password with the people who need access.
+
+<Warning>
+The password is only shown once when it is generated. If you lose it, you will need to regenerate a new one.
+</Warning>
+
+## How visitors access a private status page
+
+When someone visits a password-protected status page, they see a login form. After entering the correct password, they are authenticated for **30 days** before needing to enter it again.
+
+<Note>
+If your status page uses both a subdomain (`your-page.checkly-status-page.com`) and a [custom domain](/communicate/status-pages/customization#custom-domain), visitors need to log in separately on each domain. Authentication does not carry over between domains.
+</Note>
+
+## Rotating the password
+
+You can regenerate the password at any time from the status page settings. When you do:
+
+- A new password is generated and displayed once — store it somewhere safe.
+- All existing sessions are invalidated. Every viewer will need to re-authenticate with the new password.
+
+Use password rotation when someone who had access no longer should, or as a routine security practice.
+
+## Disabling password protection
+
+To make your status page public again, turn off the **Private** toggle in your status page settings and save. The password is deleted and anyone can view the page without authentication.
+
+## Good to know
+
+- **Search engines**: Private status pages are excluded from search engine indexing. They use `noindex, nofollow` directives, so your operational data won't appear in search results.
+- **Rate limiting**: Password entry is rate-limited to 5 attempts per minute per IP address to protect against brute-force attacks.
diff --git a/docs.json b/docs.json
index 428afa15..42fb5ff7 100644
--- a/docs.json
+++ b/docs.json
@@ -276,6 +276,7 @@
                   "communicate/status-pages/overview",
                   "communicate/status-pages/creating-a-status-page",
                   "communicate/status-pages/customization",
+                  "communicate/status-pages/password-protection",
                   "communicate/status-pages/incidents",
                   "communicate/status-pages/subscriber-notifications"
                 ]