Protecting staging sites with Basic Authentication

This approach was primarily devised for use with WP Engine staging sites, but will work in any situation where you have no access to Apache’s config and need to use a single .htaccess file for multiple domains (e.g. a multisite setup).

We’ve recently had a couple of projects hosted on WPEngine where we need to have a staging site protected by Basic Authentication so only authorised users can access it. Normally I would configure Basic Authentication in the Apache VirtualHost, but on WP Engine (for example) they handle all the server configuration for us, meaning we don’t have access to the Apache configuration. WPEngine also provide a Git push to deploy facility, which we tend to take advantage of because Version Control Rools, OK? Because all the web files are within Git version control, we are using the same .htaccess file for the developer, staging and live sites. (We could Git ignore the .htacess file, but I prefer to version control more, rather than less.)

Continue reading Protecting staging sites with Basic Authentication

Setting HTTP Basic Authentication based on the host name

For many of our projects, the .htaccess file is under version control… but at the same time, I need to put HTTP Basic Authentiation on just the staging site. Unfortunately the host weren’t able to do this for me, but with a little .htaccess trickery I was able to detect the staging site URL and trigger the authentication.

Why do I want to do this? Well, pretty often the client is keen to see how some new, embargoed, content is going to fit together, whether that’s a group of new pages or a new masthead, etc. I don’t want just anyone guessing my staging site URL and wandering around getting information they shouldn’t! Continue reading Setting HTTP Basic Authentication based on the host name