Skip to main content
Bypass passwords let students request temporary access to a page blocked by GoGuardian Admin filtering policies. Use them when a specific student needs short-term access to a site that your organization’s policy would otherwise block.

Learn How Bypass Passwords Work

When a student reaches a blocked page, the GoGuardian Admin block page displays a Bypass button. The student clicks the button, enters a valid bypass password, and receives access to that URL for a preset duration (minutes, hours, or days), depending on the password configuration. Bypass passwords are global. Every bypass password you create applies to all users in your organization. Each password can be used multiple times.
Bypass passwords are not supported on The GoGuardian App deployment. At least one bypass password must be configured before the Bypass button appears on the block page.
GoGuardian Admin supports a maximum of 150 bypass passwords. Delete unused passwords before creating new ones if you reach this limit.
Use bypass passwords sparingly, if at all. Most filtering needs are better addressed through changes to your organization’s filter policies. Relying on bypass passwords as a routine workaround can undermine the consistency of your filtering environment.
'Restricted' GoGuardian block page containing a padlock with the GoGuardian logo and a "Bypass" button

Create a Bypass Password

  1. In GoGuardian Admin, go to Filtering > Advanced Config > Bypass Passwords.
  2. Enter a password in the text field. Select the desired length of time for access, then choose Minutes, Hours, or Days from the duration drop-down.
  3. Click Add.
The Bypass Password configuration page used to create a customized Bypass Password and Bypass length
  1. The new password appears in your bypass password list with the configured duration. The Bypass button is now active on the block page for all users.

Delete a Bypass Password

  1. In GoGuardian Admin, go to Filtering > Advanced Config > Bypass Passwords.
  2. Turn on the Show All Passwords toggle to display all existing bypass passwords.
  3. Click Delete next to the password you want to remove.
  4. The deleted password no longer appears in the list. Students who enter that password will not gain access.

Review Bypass Password Attempts

Navigate to Advanced Config > Bypass Password Attempts to view a record of all bypass attempts across your organization. Each record includes:
  • URL: the page where the bypass was attempted
  • Name: the name of the user who attempted the bypass
  • Email: the email address of the user
  • When: the date and time of the attempt
  • Success: whether the attempt succeeded (yes or no)
  • Password: the password that was entered
The Bypass Password Attempts page stores the 150 most recent attempts. Earlier records are not retained in the interface.
Review this page regularly to detect inappropriate student access or repeated failed guessing that may indicate students are attempting to circumvent filtering controls.

Manage Security for Bypass Passwords

Bypass passwords are global and reusable. A student who learns a bypass password can use it repeatedly to access any URL blocked by GoGuardian Admin filtering until the password is deleted. To reduce that risk:
  • Have an administrator or teacher enter the password for the student rather than sharing it directly with the student.
  • If a browser save prompt appears, select Never to prevent the browser from storing the bypass password.
  • Delete bypass passwords when they are no longer needed and create a new one for the next use case.
GoGuardian Beacon Smart Alert Trigger blocks and GoGuardian Teacher scene blocks cannot be bypassed with a bypass password.
If your organization wants to prevent students from attempting bypass passwords entirely, you can hide the Bypass button from the block page using CSS customization. See Customize Block Pages for instructions.

Resources

A Site Is Blocked Unexpectedly

Diagnose and resolve situations where a site is blocked that should be allowed.

Use Wildcard Rules

Build precise allow and block rules using wildcard patterns.
Last modified on July 14, 2026