How to set up Basic Auth

Basic authentication is the recommended way to protect your WordPress website from public access and the Google Bot when moving to a Static WordPress setup with Simply Static.

What is Basic Authentication?

Basic authentication is a simple and reliable way to lock down your entire website behind a password prompt and prevent public access.

This is important for multiple reasons:

Avoid Duplicate Content

When both versions of your website (WordPress and your static site) are online, you want to avoid duplicate content. Basic authentication solves that problem by locking your entire WordPress website behind a password prompt.

Security

When running a static site setup, you want to avoid requests to your WordPress website. Only you, your editors, or other authenticated users should have access to WordPress—all visitors should land on the static site instead.

How to set up Basic Authentication (Pro version)

We have entirely automated the setup process of Basic Authentication with the release of Simply Static Pro 1.5.1.

All you need to do is head over to Simply Static -> Settings -> Misc -> Basic Auth, add your username and password, and activate Enable Basic Authentification.

We will put your entire WordPress website behind password authentication and automatically whitelist requests from Simply Static to your website so that you can run exports as before.

How to set up Basic Authentication (Free Version)

Setting up Basic Authentication depends on the webserver you use to run your WordPress website.

Simply Static supports Apache and NGINX. If you use something else (like Litespeed), please contact your hosting provider and let them handle it for you.

Apache

You will need a .htaccess and a .htpasswd file to password-protect a directory on an Apache server.

The .htaccess  file typically looks like this:

AuthType Basic
AuthName "Access to the WordPress website"
AuthUserFile /path/to/.htpasswd
Require valid-user

The .htaccess  file references a .htpasswd  file in which each line consists of a username and a password separated by a colon (: ). You cannot see the actual passwords as they are hashed (using MD5-based hashing, in this case).

To convert your password to an MD5-hash, you can use the free online converter here.

simply_static:$apr1$ZjTqBB3f$IF9gdYAGlMrs2fuINjHsz.

NGINX

For NGINX, you must specify a location you will protect and the auth_basic  directive, which provides the name of the password-protected area.

The auth_basic_user_file  directive then points to a .htpasswd  file containing the encrypted user credentials, like in the Apache example above.

location /status {
    auth_basic           "Access to the WordPress website";
    auth_basic_user_file /etc/apache2/.htpasswd;
}

Whitelist access for Simply Static (Free Version)

The only thing left to do is allow Simply Static to run static exports with Basic Authentication activated.

To do that, navigate to Simply Static -> Settings -> Misc -> Basic Auth and add the exact same username and password (you can also copy them to avoid any typos) you have added to the Easy Basic Authentication plugin settings.

Click Save Settings, and you're done!