A WordPress plugin that forces all users to authenticate using Basic Authentication before accessing any page on the site.
This plugin implements server-level Basic Authentication for your WordPress site, requiring valid credentials before any page can be accessed. It's particularly useful for:
- Sites that should not be publicly accessible
- Sites under maintenance
- Sites that need an additional layer of security before the WordPress login
Key features:
- Forces Basic Authentication for all requests (except AJAX, CRON, and CLI)
- Integrates with WordPress user database for authentication
- Handles logout functionality properly
- Prevents caching of authentication requests
- Logs failed authentication attempts
- Bypasses authentication for Super Admins in multisite installations
- Redirects authenticated users away from wp-login.php
- WordPress 6.7 or higher
- PHP 8.1 or higher
- Server must support PHP_AUTH_USER and PHP_AUTH_PW server variables (most standard hosting environments do)
This typically means:
- Your credentials are incorrect - verify your WordPress username and password
- Your server is stripping authentication headers - contact your hosting provider
- There may be a caching layer interfering - try clearing all caches
In a multisite installation, Super Admins can bypass the authentication. For single site installations, you would need to modify the plugin code.
- Access your site via FTP/SFTP or file manager
- Rename or delete the
hosting-basic-authenticationfolder in/wp-content/plugins/ - This will deactivate the plugin
This plugin is licensed under the GPL2 license. See the LICENSE file for details.