How to set up Basic Auth

What you need: The automatic protection (Enable Basic Auth) requires Simply Static Pro. In the free version, you can still enter credentials so Simply Static can crawl a WordPress site you've protected yourself.

Basic authentication is the recommended way to keep your WordPress site private once you move to a static setup. It locks your whole WordPress site behind a password prompt, which matters for two reasons:

  • Avoid duplicate content. With both your WordPress site and your static site online, search engines could index both. Password-protecting WordPress keeps duplicates out of the index.
  • Keep visitors on the static site. Only you and your editors should reach WordPress. Everyone else should land on the static version.

You'll find these settings under Simply Static > Debug, in the Basic Auth section.

With Simply Static Pro (automatic)

Pro handles the whole setup for you:

  1. Open Simply Static > Debug and find the Basic Auth section.
  2. Enter a Basic Auth Username and Basic Auth Password.
  3. Turn on Enable Basic Auth.

Simply Static puts your entire WordPress site behind password protection and automatically whitelists its own requests, so your pushes keep working exactly as before.

With the free version (manual)

In the free version, you protect WordPress at the server level yourself, then grant Simply Static the same credentials so its crawler can authenticate during a push.

First, set up Basic Auth on your web server.

Apache uses a .htaccess  file alongside a .htpasswd  file. The .htaccess  looks like this:

AuthType Basic AuthName "Access to the WordPress website" AuthUserFile /path/to/.htpasswd Require valid-user

The .htpasswd  file holds one username:hashedpassword  pair per line. Generate the entry with the htpasswd  command-line tool or a tool from your host, since the password is stored hashed rather than in plain text.

NGINX uses the auth_basic  and auth_basic_user_file  directives, pointing at a .htpasswd  file in the same format:

location / {     auth_basic           "Access to the WordPress website";     auth_basic_user_file /etc/nginx/.htpasswd; }

LiteSpeed reads Apache-style .htaccess  rules, so the Apache approach above generally works as-is. If you use another server, your host can usually set this up for you.

Prefer not to touch server config? A Basic Auth plugin can add the same protection from inside WordPress.

Once Basic Auth is active on your site, go to Simply Static > Debug, enter the same username and password under Basic Auth, and click Save Settings. Copy them across exactly to avoid typos. Simply Static then uses those credentials to crawl your protected site during a push.