Hi @zignorp, I’m glad to hear the videos are proving helpful.
Am I correct in saying you’re talking about Basic Authentication / “.htpasswd” protection on your staging sites?
If so, this does add extra considerations when connecting Wordfence Central because the site needs to be able to connect to yours.
Some hosts like WP Engine have a feature in their control panel to enable basic auth. However, as they’re moving away from using .htaccess files, they may need to assist customers in ways to allow the site to connect back to itself, and/or to allow connections from our servers. I’m not sure if you’re on that platform but thought it was worth mentioning.
Basic auth for everyone, except allowing certain IPs is shown here, which could be a possible solution: https://stackoverflow.com/questions/4102763/apache-basic-authentication-except-for-those-allowed
For your convenience, our IPs can be found here: https://www.wordfence.com/help/advanced/#servers-and-ip-range
Thanks,
Peter.
Thanks, Peter. I’d like to hear how anyone else is handling this, if they have sites that they’re testing new options with a small subset of people viewing.
Hi @zignorp,
I have only been aware of a few customers using this method, which is where most of my information on this topic has come from. Allowing our IPs as exceptions could be the best plan unless disabling basic auth altogether and blocking all access (except for certain fixed IPs including Wordfence and your admins) was a viable option – which it may not be if the IPs of you or other users with access are likely to change.
Thanks again,
Peter.
