Protecting staging sites with Basic Authentication

This approach was primarily devised for use with WP Engine staging sites, but will work in any situation where you have no access to Apache’s config and need to use a single .htaccess file for multiple domains (e.g. a multisite setup).

We’ve recently had a couple of projects hosted on WPEngine where we need to have a staging site protected by Basic Authentication so only authorised users can access it. Normally I would configure Basic Authentication in the Apache VirtualHost, but on WP Engine (for example) they handle all the server configuration for us, meaning we don’t have access to the Apache configuration. WPEngine also provide a Git push to deploy facility, which we tend to take advantage of because Version Control Rools, OK? Because all the web files are within Git version control, we are using the same .htaccess file for the developer, staging and live sites. (We could Git ignore the .htacess file, but I prefer to version control more, rather than less.)

Continue reading Protecting staging sites with Basic Authentication

Setting HTTP Basic Authentication based on the host name

For many of our projects, the .htaccess file is under version control… but at the same time, I need to put HTTP Basic Authentiation on just the staging site. Unfortunately the host weren’t able to do this for me, but with a little .htaccess trickery I was able to detect the staging site URL and trigger the authentication.

Why do I want to do this? Well, pretty often the client is keen to see how some new, embargoed, content is going to fit together, whether that’s a group of new pages or a new masthead, etc. I don’t want just anyone guessing my staging site URL and wandering around getting information they shouldn’t! Continue reading Setting HTTP Basic Authentication based on the host name

WordPress and basic authentication, problems with WP Cron and file uploads

I have a Google ego search on my name, so I can keep track of what the Internets is saying about me behind my back. The other day the ego search summary email arrived and included was one of my development sites. Which was annoying because I don’t want people browsing around my development, it might be broken or confuse people by looking like a live site (but not contain proper content). So I did what I should have done from the beginning and enabled Basic Authentication on my development sites. (Basic Authentication protection provides those “popup passwords” you see around the place where a little, usually grey, dialog pops up asking for a username and password before you can go any further.)

Basic Authentication is as old as the hills in internet terms, and while it’s not the most sophisticated protection it’s a reliable and simple way to prevent any old Tom, Dick or Harriet poking around where you don’t want them. I’ve used it before for client sites which are hosted on the open internet, but where we only want a small selection of people to see it… add Basic Authentication and bosh, job done. Continue reading WordPress and basic authentication, problems with WP Cron and file uploads

Problems with .htaccess and AFP over Netatalk

After yesterdays triumph of establishing contact with my virtual server over AFP, using Netatalk, I was perplexed today to find that my .htaccess files weren’t having any effect. Listing the files on the shared volume on my Mac seemed to show that they were there:

~$ ls -Al /Volumes/Home Directory/www/sites/jackspeak/site/
total 736
-rwxr-xr-x   1 simon  simon    401  6 Apr 18:08 .htaccess
drwxr-xr-x@ 10 simon  simon    296  5 Apr 11:30 .svn
-rwxr-xr-x@  1 simon  simon   2941  5 Apr 11:30 500.html

But running the same command on the Linux virtual server showed very different results:

~$ ls -Al /www/sites/jackspeak/site/
total 736
-rwxr-xr-x   1 simon  simon    401  6 Apr 18:08 :2ehtaccess
drwxr-xr-x@ 10 simon  simon    296  5 Apr 11:30 :2esvn
-rwxr-xr-x@  1 simon  simon   2941  5 Apr 11:30 500.html

Apache wasn’t seeing any .htaccess files because there wasn’t any there… something had translated the “.” into “:2e”. What was this strange set of characters “:2e” which was screwing with my files? Continue reading Problems with .htaccess and AFP over Netatalk

Simple Apache redirects

If you look around the web, you’ll see endless tutorials on how to configure Apache to do redirects using mod_rewrite. Undoubtedly mod_rewrite is a powerful way to control access and redirects on your Apache server, and it is enabled on many web hosts, but before you dive into the complexity and regular expressions of mod_rewrite, why don’t you give mod_alias a chance – you don’t have the power that you’ve got with mod_rewrite, but it is a lot simpler. Shall we take a look? Continue reading Simple Apache redirects