Setting HTTP Basic Authentication based on the host name

For many of our projects, the .htaccess file is under version control… but at the same time, I need to put HTTP Basic Authentiation on just the staging site. Unfortunately the host weren’t able to do this for me, but with a little .htaccess trickery I was able to detect the staging site URL and trigger the authentication.

Why do I want to do this? Well, pretty often the client is keen to see how some new, embargoed, content is going to fit together, whether that’s a group of new pages or a new masthead, etc. I don’t want just anyone guessing my staging site URL and wandering around getting information they shouldn’t! Continue reading Setting HTTP Basic Authentication based on the host name

WordPress and basic authentication, problems with WP Cron and file uploads

I have a Google ego search on my name, so I can keep track of what the Internets is saying about me behind my back. The other day the ego search summary email arrived and included was one of my development sites. Which was annoying because I don’t want people browsing around my development, it might be broken or confuse people by looking like a live site (but not contain proper content). So I did what I should have done from the beginning and enabled Basic Authentication on my development sites. (Basic Authentication protection provides those “popup passwords” you see around the place where a little, usually grey, dialog pops up asking for a username and password before you can go any further.)

Basic Authentication is as old as the hills in internet terms, and while it’s not the most sophisticated protection it’s a reliable and simple way to prevent any old Tom, Dick or Harriet poking around where you don’t want them. I’ve used it before for client sites which are hosted on the open internet, but where we only want a small selection of people to see it… add Basic Authentication and bosh, job done. Continue reading WordPress and basic authentication, problems with WP Cron and file uploads