WP Engine Products

WordPress Hosting

Boost performance while managing less

WooCommerce Hosting

Build faster and sell more with WooCommerce

Agency and Client Management

Automate client billing, reporting, & more

Headless WordPress

Build, deploy, and manage headless sites

View More Products

Solutions

Small Businesses

Enterprises

Agencies

eCommerce

View More Solutions

Website Tools

Smart Plugin Manager

Website Tester

Website Monitoring

WordPress Themes and Tools

Local WordPress Development

Featured Plugins

Advanced Custom Fields

Build rich, custom content editing experiences

WP Migrate

Migrate WordPress sites with confidence

WP Offload Media

Offload media assets & serve them lightning fast

WP Offload SES

Improve email send reliability with Amazon SES

View More Recommended Plugins

WordPress Resources

WP Engine Resources

Articles and videos for help with WordPress

WP Engine Help Docs

Guides for site setup & troubleshooting

Free Website Migration

Automated migration plugin & support

Find a WordPress Agency

Need help? Search our agency directory

Stay Connected

WP Engine Blog

Builder Community

Headless Developer Community

Torque Magazine

Velocitize Magazine

Thought Leadership

Velocitize Talks

Erik Posthuma of Aleph-labs on Web3, Cryptocurrency, & More

Podcast

Press This, the WordPress Community Podcast

Study

The World’s First Study of the WordPress Economy

Why WP Engine?

Our Platform Technology

Managed WordPress Hosting

Fast WordPress

Secure WordPress

24/7 WordPress Support

About Us

WP Engine Reviews

How You Win with WP Engine

Build faster, protect your brand, and grow your business with the #1 WordPress platform to power remarkable online experiences.

Learn More

Customer Spotlight

Peak Performance With Headless WordPress

Android Authority increases speed 6x by adopting a headless architecture with a WordPress back-end.

All Case Studies

Contact sales

Call Us

1-877-973-6446 to talk to a sales expert

Request a Quote

Submit a request for a personalized plan recommendation

Let’s Chat

Customer Support

Support Articles

Billing Help

Password Help

Log In for Support
Easiest Migration Ever!

Need Help Choosing a Plan?

We offer solutions for businesses of all sizes. For questions about our plans and products, contact our team of experts. Get in touch

Support Center
Setup A Site
Account & Features
Platform Information
WordPress Help
Troubleshoot
Browse All

Block/Unblock Traffic to a Website

Last updated on September 16th, 2021

security

It’s common to want to block traffic to a website, or to only want a few select people to be able to view a site, especially during times like development. You can enable WP Engine’s “password protection” for any environment, allowing your team to develop and review your site before going live.

This feature uses basic access authentication (or “basic auth”) which simply requires a username and a password. The message and styling of the authentication fields may vary by browser, but typically appears as a login pop-up prompt when viewing any page on your website.

Table of Contents
1. Block/Unblock Traffic
2. Update Password for Password Protection
3. Unblock Traffic
4. Common Issues

Block/Unblock Traffic

Also known as “password protecting” a website, blocking and unblocking traffic will be enabled through a toggle in the User Portal.

  1. Log in to the User Portal
  2. Click on the environment name you wish to enable password protection on
  3. Click Utilities
  4. Locate the section Block traffic/unblock
  5. Click the toggle for the environment you’d like to protect

NOTE: “legacy staging” here refers to legacy 1-click staging and not the same Staging environment you may normally see within your User Portal.

After saving, additional fields for username and password will appear. Use these credentials to view to your site.

As it is enabled at a server level, password protection does not interact with your actual WordPress admin login credentials.

Once you’ve entered the password protection credentials, you will still need to log in to the WordPress admin dashboard separately.

Update Password for Password Protection

  1. Log in to the User Portal
  2. Click on the environment name you wish to change the password protection on
  3. Click Utilities
  4. Locate the section called Block traffic/unblock
  5. Click the pencil icon next to the password
  6. Update your password
  7. Click Save

NOTE: Usernames cannot be changed.

Unblock Traffic

Traffic can be unblocked in a similar way to blocking it, by disabling password protection through the User Portal. Be aware that password protection cannot be disabled on “transferable” sites/environments. A transferable site must first be unlocked or transferred to remove password protection.

  1. Log in to the User Portal
  2. Click on the environment name you wish to disable password protection on
  3. Click Utilities
  4. Locate the section Block/Unblock Traffic
  5. Disable the toggle for the environment

NOTE: “legacy staging” here refers to legacy 1-click staging and not the same Staging environment you may normally see within your User Portal.

Common Issues

I can’t change the username

The username for password protection is always your environment name. This username cannot be changed.

I get multiple login prompts

Some users may be prompted to enter the username and password more than one time in order to view the site. This can occur when you have content or assets loading from more than one domain. For example, you might have images at myenvironment.wpestaging.qa/image.jpg as well as www.mycoolsite.com/image2.jpg.

To avoid this, ensure your assets’ paths utilize only a single domain, or use relative paths in your site’s code. A search and replace may help correct your site’s database. Disabling plugins and changing theme may be necessary as well until the conflict is resolved in the code.

My password isn’t working

Did you recently copy or deploy your site? You may have references to the previous domain in your site which is causing a conflict. You may even see the incorrect domain in the password protection popup.
Try running a search and replace on your database to the current domain, or disabling plugins and changing the theme.

Do not use a CDN with password protection enabled

Most CDN offerings will be unable to collect and assets as your site cannot be loaded without providing credentials. Leave CDN disabled until password protection is removed.

How do I run a performance test on my site while using password protection?

A third party performance tool will need to be able to access your site to test the speed. This means you need to seek out a test that allows testing behind basic authentication. This feature typically requires an account be created with the test service.

My API cannot connect with basic authentication enabled

You must pass your password protection credentials on to any service that requires connecting to the site during the time the site is password protected.

NEXT STEP: How to unlock or transfer a transferable site

Enterprise-grade security and performance for all

Global Edge Security provides a managed web application firewall (WAF), advanced DDOS mitigation, CDN, and automatic SSL installation all powered by Cloudflare.

Get the add-on

Talk to a specialist