Skip to content

Backgrounds

How-to Guides

Technical References

Restrict site access with Basic Authentication

Sites with Basic Authentication enabled have all site access restricted by presenting all users with a username and password “pop up” prompt in a browser. Only users that have been provided with Basic Authentication log in credentials will have access to the site.

Basic Authentication is useful when a static list—or range—of IP addresses required by other methods of site restriction are not available. Common uses for Basic Authentication are for restricting access to non-production environments, or to production environments that are not yet launched and still under development.

Basic Authentication is not compatible with:

Types of requests restricted by Basic Authentication

Once enabled, the following request types will be blocked for users not logged in with Basic Authentication credentials:

  • requests from logged in and anonymous users
  • for static files, media files, and dynamically generated content
  • for a WordPress or a Node application
  • both cached and uncached requests

When enabled, Basic Authentication will also block content from Jetpack’s content distribution tools. To modify this behavior, review available options to Control Content Distribution via Jetpack.

Prerequisites

All users with access to the VIP Dashboard have permissions to view an environment’s Basic Authentication list. Only users with an App admin role for the environment’s application have permissions to edit the settings for Basic Authentication.

Enable Basic Authentication

Basic Authentication is enabled by providing one or more users with log in credentials in the VIP Dashboard. Basic Authentication will remain enabled until all users have been removed from the Basic Authentication user list.

All subsites that exist on a WordPress multisite environment with Basic Authentication enabled will share the same applied access restrictions and user log in credentials.

  1. Navigate to the VIP Dashboard and select the “Settings” panel option at the left.
  2. Select an environment from the environment dropdown located at the upper left of the VIP Dashboard to which the settings will apply.
  3. Select “Basic Authentication“ from the “Access” group on the “Settings” panel.
  4. Select the “+ Add User” button located in the upper right of the panel.
  5. Provide a Username and a Password for the new user in the “Add a User” form fields.
    The password entered will be encrypted when stored.
  6. Select “Confirm“.
Screenshot of the settings panel for adding a new user to the Basic Authentication access list

Remove Basic Authentication user access

Removing a user from the Basic Authentication panel will remove their access to the site as long as Basic Authentication is enabled.

Basic Authentication is disabled by removing all users from the settings panel.

  1. Navigate to the VIP Dashboard and select the “Settings” panel option at the left.
  2. Select an environment from the environment dropdown located at the upper left of the VIP Dashboard to which the settings will apply.
  3. Select “Basic Authentication“ from the “Access” group on the “Settings” panel.
  4. Select the “Remove” button located to the right of an existing user.
  5. Select “Confirm“.
Screenshot of the Basic Authentication panel in the VIP Dashboard

Last updated: January 04, 2022