Password-Protect Staging Site
  • Anyone have any advice on password-protecting your staging sites?

    I think using an .htaccess to white-list the production domain(s) would be the best route for Vae, but that leads to a question or two:

    Can we use .htpasswd files with Vae?
    If so, what is the server path to the .htpasswd file if we put it in the root FTP directory?


  • 3 Answers sorted by
  • Yes you can use .htpasswd files with Vae, I have had to do this before.

    For finding the server path to the .htpasswd file if we put it in the root FTP directory, I would just use the $_SERVER array to find this information with php.


  • Generally if you password-protect the root of the staging site, nothing will work properly.

    We recommend using <v:users:login> (and you could combine this with <v:if path="staging()">).

  • Ah, yeah. I thought about using the v:users:login tag, but we are using that elsewhere for production purposes (its an ecommerce shop), so I didn't want to worry about any backdoor loopholes into the staging site. I'll see what I can come up with though. Maybe just needs an extra logic test.

    Also, I've found that v:if path="staging()" only protects the non-www version of the staging site. I noticed this in some SEO testing, where www links to the staging site are showing up in search results even though we have the norobots meta tag inserted if its the staging site.

    In other words, v:if path="staging()" works for, but it doesn't work for

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

In this Discussion