Server side access control

As part of a new, proper grown-up staging and production environment, I needed to make sure that wordpress built staging domain could only be accessed by authorised users and, equally importantly, be certain that the site wouldn’t get indexed by search engines.

I’ve used tools like maintenance mode before, of course, but that would still show that the site was there. And if you can see it there is more chance of being hacked. The answer lies in .htdocs and a .htpasswd (on my linux hosting).

I created a new txt doc and saved it as .htpasswd

In the file you simply need the combination of the username and the ENCRYPTED password. For the truly techie there are probably easy ways of doing it, but for me I headed over to: to create the encryption. In the file the text will look like this {Username}:{encryptedpassword}

The I edited .htaccess to include:

# require password for whole site

AuthUserFile /home/path/to/the/root/htdocs/.htpasswd
AuthType Basic
AuthName “Staging environment”
Require valid-user

AuthName is used in the alert box that will pop up, so you can rename this as you see fit. Finding the server root to the path was tricky for me (using Fasthosts). But I found it in the end under custom scripts for my domain.


You may also like...

Leave a Reply

Your email address will not be published.