If you use WPEngine for your WordPress site hosting and you’re new to the platform, you may be a bit confused by the password protection feature that comes with every new site. WPEngine implemented password protection for sites in development back in 2015. It’s a necessary security feature with two aims: 1)  to protect your site from view by others until it’s ready to go live, and 2) to require you to pay for WPEngine hosting before you invite people to see your new site.

Here’s what password-protection at WPEngine looks like

When you first visit a WPEngine password-protected site, you’ll see a little white box that prompts you for a username and password – and nothing else. The site is not visible.

 

This little white box is called Basic Auth, otherwise known as “that little white box”. This is the built-in, default behavior for new sites at WPEngine, the host we use and recommend.

Basic Auth is required for all “dev sites” or sites that don’t yet have a real URL pointed at them. If you’re working on a new version of your site at WPEngine, that password-protection will stay in place until you flip the switch and point your URL at the new site. 

Once you’re ready, you can follow these steps to disable your site’s password protection:

DISABLING PASSWORD PROTECTION

  1. Login to the User Portal
  2. Click on the site name you wish to disable password protection on
  3. Click Utilities
  4. Locate the section “Password Protected”
  5. Uncheck the box for the environment you’d like to disable protection on
  6. Click Save

NOTE: Password protection cannot be disabled on transferable sites. A transferable site must first be unlocked to remove password protection.

Commonly Asked Questions about Basic Auth

WHY DO I GET MULTIPLE LOGIN PROMPTS?

Some users may be prompted to enter the username and password more than one time in order to view the site. This can occur when you have content or assets loading from more than one domain. For example, you might have images at myenvironment.wpengine.com/image.jpg as well as www.mycoolsite.com/image2.jpg.

To avoid this, ensure your assets’ paths utilize only a single domain, or use relative paths in your site’s code. A search and replace may help correct your site’s database. Disabling plugins and changing theme may be necessary as well until the conflict is resolved in the code.

Source: https://wpengine.com/support/password-protecting-wp-engine-site/

MY PASSWORD ISN’T WORKING

Did you recently copy or deploy your site? You may have references to the previous domain in your site which is causing a conflict. You may even see the incorrect domain in the password protection popup.

This is an issue for WPEngine Live Chat, contact them for personalized help.

HOW DO I RUN A PERFORMANCE TEST ON MY SITE WHILE USING PASSWORD PROTECTION?

A third party performance tool will need to be able to access your site to test the speed. This means you need to seek out a test that allows testing behind basic authentication. This feature typically requires an account be created with the test service.

Source: https://wpengine.com/support/password-protecting-wp-engine-site/

MY API CANNOT CONNECT WITH BASIC AUTHENTICATION ENABLED

You must pass your password protection credentials on to any service that requires connecting to the site during the time the site is password protected.

Source: https://wpengine.com/support/password-protecting-wp-engine-site/

HOW CAN I CONTACT WPENGINE SUPPORT?

In order to get expert one-on-one help, please log into your account so we can identify your account and get you exactly the help you need. WPEngine offers support 24 hours a day, 7 days a week, 365 days a year.

Need help with your site right now?

Kate M. Gilbert, experienced web developer and WordPress expert, is available for hands-on, live web support via Zoom Office Hours.

During these 1-on-1 sessions, you get the undivided attention of a tech expert who’s been there, has worked with your software, and is passionate about helping you figure it out, too, so that you can rock your web marketing.