Get a free trial // Grow your CSS skills // Land your dream job

Password Protect WordPress on Staging site

  • # March 17, 2014 at 10:55 am

    I use a pretty standard workflow – dev local, push to staging for client review/approval and then push to production.

    I like to password protect the staging site.

    I’m currently using htaccess to password protect the stage site. However, I’d like to keep the htaccess file in version control but I can’t have the same htaccess on the production server.

    I thought about and <if statement but that’s not available on the version of apache my server (media temple – gs) uses.

    Any recommendations? How do you peeps manage this?

    Perhaps use a plugin?

    # March 17, 2014 at 5:10 pm

    Use .htpasswd and don’t place in version control like so:

    If I’m ever tasked with this, I keep the .htpasswd file one folder up from the site root so no one outside admin access can find it.

    # March 18, 2014 at 8:06 am

    That link is essentially what I am using now. However in order for it to work, you modify the .htaccess code. Since I’m only using .htaccess/.htpasswd on the staging site, that wont work for keeping .htaccess in version control.

    I’m leaning toward not using .htaccess for the security, and just using a WordPress plugin.

    # March 18, 2014 at 8:38 am

    I just use .htaccess as well. It can become a pain in the ass but I’ve always found it to be the easiest. Never tried using a plugin, that might be what you’re after.

    # March 18, 2014 at 8:39 am

    Do you guys keep your .htaccess outside of your version control system then?

    # March 18, 2014 at 9:08 am

    It depends on what’s in it and what I’m trying to track. If it’s only being used for WP permalink structure, then I don’t track it. If there is more than that, then I do.

    I don’t see any harm in having the password stuff in version control, though?

    # March 18, 2014 at 9:09 am

    but I can’t have the same htaccess on the production server.


    # March 18, 2014 at 9:12 am

    Most of my sites use a bit more than just the standard wp permalink stuff—like h5bp stuff, or I may be redirecting some old links from a client’s old site, etc.

    Anyway, how can I have the password stuff in version control but only use it for 1 of the sites?

    As mentioned earlier, the version of Apache that my server uses won’t allow if statements.

    How do you avoid this?

    # March 18, 2014 at 9:24 am

    Sorry, i didn’t see your follow up post.

    It appears Apache 2.4 could solve this for me, but (mt) isn’t using that on their grid server.

    # March 18, 2014 at 2:57 pm

    Me being a lazy dev would just keep the .htaccess out of version control :)

    # March 18, 2014 at 3:15 pm

    Git sub-modules?

    # March 28, 2014 at 9:49 pm

    Have you ever tried to using a maintenance mode plugin?
    Easy Maintenance Mode
    Just search for Easy Maintenance Mode. This allows only admins to login. There was another one that I used that you could allow certain IP’s, but can’t remember which one it was.

    # March 29, 2014 at 9:26 am

    Thanks John! For now I’m using Password Protected.

    # March 29, 2014 at 10:52 am

    That one looks pretty good, and allows easy access. The one I posted, you kinda have to go through a few more hoops. You use to be able to add an IP, then they would get full access, but now that’s in the paid version.

Viewing 14 posts - 1 through 14 (of 14 total)

You must be logged in to reply to this topic.

There's a whole bunch of content on CSS-Tricks.

Search for Stuff   •   Browse the Archives

Get the Newsletter ... or get the RSS feed