Staging a new community: Basic Auth breaks WP-Discourse plugin

I am staging Wordpress and Discourse sites (self-hosted) using the WP-Discourse plug-in.

I have successfully enabled HTTP Basic Authentication on both sites to keep them from being accessible until they are ready to go public (effectively blocking access from the general public as well as search engines).

Wordpress (informational for folks looking to accomplish something similar)

• Created .htpasswd file with a user and corresponding password
• Added authentication section to .htaccess
• Example how-to article: https://help.dreamhost.com/hc/en-us/articles/216363187-Password-protecting-your-site-with-an-htaccess-file

Discourse

• Followed these steps to modify app.yml: Restrict access to your Discourse site with HTTP Basic Authentication
• Rebuild configuration: /var/discourse# ./launcher rebuild app

The WP-Discourse plugin works well until basic authentication is enabled on the Discourse server.

(Edit) This is the error in the WP-Discourse plugin log on the Wordpress end: [2025-02-14 18:20:06] connection.INFO: check_connection_status.failed_to_connect {"error":"wpdc_response_error","message":"An invalid response was returned from Discourse","http_code":401,"http_body":"<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"}

Any thoughts on how to exclude APIs from requiring HTTP Basic Authentication on Discourse?

Thanks!

Have you though? I’m not entirely sure that Discourse will work behind basic auth; I tried once but gave up. It seems even more likely that it might break wp-discourse (oh, and I was right about that!). If you were successful, you’d not be writing this message.

For Discourse staging sites, I generally just set “login required” and that keeps away search engines. Someone with a login can still log in, but that’s usually what you want.

If it’s unacceptable that your sites are available to anyone then maybe you should use a firewall and limit access to your IP.

Can you tell a basic auth to allow access from the IP of your Discourse server? Perhaps: Allow access from one IP, require basic auth from all other sources - Traefik v2 - Traefik Labs Community Forum

Thanks, this clue helped me solve the issue. Here is the updated basic auth section of app.yml on my Discourse server (no changes were necessary on the Wordpress server):

# basic auth
  after_bundle_exec:
    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: "# Allow bypass cache from localhost"
       to: |
            # Allow bypass basic authentication for WP-Discourse plugin
            geo $authentication {
            default "Credentials you must provide.";
            127.0.0.1 "off";
            151.101.3.55/32 "off";
            }
            # Allow bypass cache from localhost
    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: "# auth_basic on"
       to: "auth_basic $authentication"
    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: "# auth_basic_user_file /etc/nginx/htpasswd"
       to: "auth_basic_user_file /etc/nginx/htpasswd"
    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: "location = /srv/status {"
       to: "location = /srv/status {
           auth_basic off;"
    - file:
       path: "/etc/nginx/htpasswd"
       contents: |
         alfred:$apr1$jSdLuHyZ$faWxYGjnmLd/zRC6UMsRs1

151.101.3.55 is the (example) public IP address of my Wordpress server. WP-Discourse now reports: