How to set up Basic Auth

Basic authentication is the recommended way to protect your WordPress website from public access and the Google Bot when moving to a Static WordPress setup with Simply Static.

What is Basic Authentification?

Basic authentication is a simple and reliable way to lock down your entire website behind a password prompt and prevent public access.

This is important for multiple reasons:

Avoid Duplicate Content

When both versions of your website (WordPress and your static site) are online, you want to avoid a duplicate content problem. Basic authentification solves that by locking down your entire WordPress website behind a password prompt.


When running a static site setup you want to avoid any kind of requests to your WordPress website. Only you, your editors, or other authenticated users should have access to WordPress - all visitors should land on the static site instead.

How to set up Basic Authentification?

Setting up Basic Authentification depends on the webserver you are using to run your WordPress website.

Simply Static supports Apache and NGINX - if you use something else (like Litespeed), please reach out to your hosting provider and let them handle it for you.


You will need a .htaccess and a .htpasswd file to password-protect a directory on an Apache server.

The .htaccess  file typically looks like this:

AuthType Basic
AuthName "Access to the WordPress website"
AuthUserFile /path/to/.htpasswd
Require valid-user

The .htaccess  file references a .htpasswd  file in which each line consists of a username and a password separated by a colon (: ). You cannot see the actual passwords as they are hashed (using MD5-based hashing, in this case).

To convert your password to an MD5-hash, you can use the free online converter here.



For NGINX, you will need to specify a location you will protect and the auth_basic  directive, which provides the name of the password-protected area.

The auth_basic_user_file  directive then points to a .htpasswd  file containing the encrypted user credentials, just like in the Apache example above.

location /status {
    auth_basic           "Access to the WordPress website";
    auth_basic_user_file /etc/apache2/.htpasswd;

Set up Basic Auth with a plugin

There is a fantastic free plugin available on the repository called Easy Basic Authentification that can do the setup for you - there is no need to modify configuration files on your server yourself.

How it works

Download, install, and activate the plugin from the WordPress repository, and within your admin area, navigate to Easy Basic A.

The settings page is super straightforward - here is what we recommend when using it alongside Simply Static:

Make sure to enable it for wp-admin and the entire site, add your username and password, and save the settings. The other settings are optional.

Your WordPress website is now entirely protected with Basic Auth - great job!

Whitelist access for Simply Static

The only thing left to do is allow Simply Static to run static exports with Basic Authentication activated.

To do that, navigate to Simply Static -> Settings -> Misc -> Basic Auth and add the exact same username and password (you can also copy them to avoid any typos) you have added to the Easy Basic Authentification plugin settings.

Click Save Settings, and you're done!