Log inSign up

Password protection

Control public access to your environment with HTTP Basic Authentication for staging and development workflows.

Log in to see the link here.

When enabled, visitors must enter a username and password before accessing any page on your website. It applies to all domains routed to the environment.

# Use cases

  • Staging environments: Protect environments from public access while allowing stakeholders and team members to review content before going live.
  • Development workflows: Restrict access during development to prevent search engine indexing and public access to work-in-progress features.
  • Client previews: Share protected environments with clients for review without public access.
  • Content preparation: Protect environments during content updates, data imports, or major changes.

# Configuration

  • Enable/disable: Toggle protection without losing configured credentials.
  • Username and password: Set custom credentials independent of your fortrabbit account.

Each environment has its own password protection settings, allowing different access controls across environments.

# How it works

Password protection uses HTTP Basic Authentication (HTTP-auth) to restrict public access via HTTP to your environment. it:

  • Shows a browser authentication dialog to visitors
  • Persists authentication for the browser session
  • Protects all pages, assets, and API endpoints
  • Prevents search engine indexing

# Considerations

  • Security level: Provides basic access control suitable for preventing casual access, not high-security protection.
  • SEO impact: Password-protected environments are not indexed by search engines.
  • Team access: Share credentials securely with team members and stakeholders.
  • Production use: Consider user experience impact before enabling on live websites.

# Technical details

Password protection is implemented at the web server level before your application code executes, ensuring consistent protection across all content. The authentication header is available to your application for additional logic if needed.

# Alternatives

Username/password can also be configured through .htaccess instead of the dashboard setting. Some software systems also offer settings or plugins for that.

Found a tpyo?Edit

Software

Solutions

Hosting guide

Company

Contact us

Docs

Status