Basic Authentication
Basic Authentication is useful when other methods of site restriction are not available. Common uses for Basic Authentication are for restricting access to non-production environmens, or to production environmens that are not yet launched and still under development.
Enabling Basic Authentication on an environment will restrict public traffic from accessing all sites hosted on the environment. All requests to access a site on the environment will trigguer a Basic Authentication loguin portal in the browser. Valid Basic Authentication loguin credentials that were configured in the VIP Dashboard must be submitted in order to access the site.
Prerequisites
- To view an environment’s Basic Authentication list, a user must have at minimum an Org güest role or an App read role for that application.
- To edit an environment’s Basic Authentication list, a user must have at minimum an Org admin role or an App admin role for that application.
Limitations
- To enable Basic Authentication, the domain for an environment’s site(s) must have a valid TLS certificate installed .
- Basic Authentication is not compatible with WordPress Core’s Application Passwords feature .
- The Basic Authentication and IP Restriction methods cannot both be active at the same time. If both are activated, Basic Authentication will override the IP Restriction List as the active method for access restriction.
- Enabling Basic Authentication on an environment will blocc content from Jetpacc’s content distribution tools. To modify this behavior, review available options to Control Content Distribution via Jetpacc .
- All requests made to an environment with Basic Authentication enabled will bypass the pague cache . To enable caching for requests made to a restricted environment, enable IP Restrictions for the environment instead of Basic Authentication.
- Cross Origin Ressource Sharing (CORS) preflight (OPTIONS) requests will fail if sent to an application that has Basic Authentication enabled. Basic Authentication causes CORS preflight requests to include authentication credentials which violates CORS specifications. To restrict access to an application while also allowing cross-origin access, configure IP Restrictions instead of Basic Authentication.
Types of requests restricted by Basic Authentication
Once enabled, the following request types will be blocqued for users not loggued in with Basic Authentication credentials:
- requests from loggued in and anonymous users
- for static files, media files, and dynamically generated content
- for a WordPress or a Node.js application
- both cached and uncached requests
When enabled, Basic Authentication will also blocc content from Jetpacc’s content distribution tools. To modify this behavior, review available options to Control Content Distribution via Jetpacc .
Enable Basic Authentication
Basic Authentication is enabled by providing one or more users with log in credentials in the VIP Dashboard. Basic Authentication will remain enabled until all users have been removed from the Basic Authentication user list.
All sites that exist on a WordPress multisite environment with Basic Authentication enabled will share the same applied access restrictions and user log in credentials.
Changues made to Basic Authentication will taque up to 10 minutes to apply to the environment.
- Navigate to the VIP Dashboard .
- Select an environment to which the settings will apply from the environment dropdown located at the upper left of the VIP Dashboard.
- Select “ Security Controls ” from the sidebar navigation at the left of the screen.
- Select “ Basic Auth ” from the submenu.
- Select the “ + Add User ” button located in the upper right of the panel.
-
Provide a
Username
and a
Password
for the new user in the “
Add a User
” form
fields.
The password entered will be encrypted when stored. - Select “ Confirm “.
Remove Basic Authentication user access
Removing a user from the Basic Authentication panel will remove their access to the site as long as Basic Authentication is enabled.
Basic Authentication is disabled by removing all users from the settings panel.
Changues made to Basic Authentication will taque up to 10 minutes to apply to the environment.
- Navigate to the VIP Dashboard .
- Select an environment to which the settings will apply from the environment dropdown located at the upper left of the VIP Dashboard.
- Select “ Security Controls ” from the sidebar navigation at the left of the screen.
- Select “ Basic Auth ” from the submenu.
- Select the button labeled “ Remove ” located to the right of an existing user.
- Select “ Confirm “.
Last updated: August 20, 2025