We want to password protect a WordPress development site but allow unauthenticated access to the wp-json/ path. Hosting platform is Plesk with Apache 2.4. We’ll assume the domain is “acme.com” and the assigned IP is “w.x.y.z”.
There are probably better ways to accomplish the goal but this approach seems to work.
Step 1. – In Plesk add a Protected Directory named “/donotremove” and add appropriate user/passwords.
Step 2. – In Plesk on the “Apache & nginx Setting” screen under “Additional nginx directives” add the following:
1 2 3 4 5 6 7 8 9 |
location ~ /wp-json { proxy_set_header AUTH_OVERRIDE true; proxy_pass http://w.x.y.z:7080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Accel-Internal /internal-nginx-static-location; access_log on; } |
Step 3. – In Plesk on the “Apache & nginx Setting” screen under “Additional directives for HTTP” and “Additional directives for HTTPS” add the following:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
<Directory "/var/www/vhosts/acme.com/httpdocs" > # set an environment variable if there is an AUTH_OVERRIDE header SetEnvIf AUTH_OVERRIDE ^true AUTH_REQUEST # basic auth AuthName "Dev Login" AuthType Basic # password file is maintained from Plesk AuthUserFile /var/www/vhosts/system/acme.com/pd/d..httpdocs@donotremove <RequireAny> # require login Require valid-user # allow request if the environment variable is set Require env AUTH_REQUEST </RequireAny> </Directory> |