A staging site is an identical replica of your website: functionalities, server, cache, databases, etc., everything must be the same. Its goal? To allow you to perform tests and updates before putting them in production and thus to make them visible to your visitors.
Any website, whatever it is, must be secure. We’ve already covered the security of WordPress sites, but what about staging sites?
In this article, we will look at the methods to make your staging site inaccessible to other internet users so that you can do your tests safely.
Why secure your staging site ?
A staging website is only accessible to your team members, or even to yourself if you are a freelancer. However, even if the Internet users are not supposed to go there, it is essential to secure it.
Firstly, because it would be embarrassing if people came across a second version of your site containing false text or had access to your new brand identity that you are preparing in “secret”.
And secondly because from an SEO perspective, your site staging could reduce all your SEO efforts. As an identical replica, you could end up with duplicate content issues if your staging site is indexed by search engines.
For these two main reasons, you need to make sure that your staging site is not indexed and that it is not accessible to other internet users. Let’s see now how to do it…
How to secure your staging site ?
Method 1 : HTTP authentication
This is the best method to secure your staging site.
This HTTP authentication is usually done with a username and a password, this is the so-called Basic method. As soon as a user accesses the url of the staging site, the login credentials are requested.
In case of incorrect credentials, the user is redirected to an error page.
Warning: For this method to be fully secure, it is recommended to use it only if your staging site uses the HTTPS protocol.
The basic http authentication is the most efficient and also the most practical. You will always have access to Google tools to test your site.
Don’t hesitate to call an expert freelancer to set up the HTTP identification on your staging site. Thanks to your .htaccess it will be able to restrict access to your site to tests.
Method 2 : Blocking the robots.txt file
As a reminder, the robots.txt file is a text file placed at the root of your site. It indicates to search engines the pages not to be explored and indexed.
In order for your staging site not to be explored by Google robots, it is necessary to block their access to your pages. To do this, fill in the following code:
User-agent: *
Disallow: /
This second method is not the most efficient:
- It does not prevent third parties from accessing your staging site
- Google can index your test site if it finds links : to prevent this you can fill in
Noindex : /but this directive is not always taken into account - You have to be careful when putting your site in production not to transfer this robots.txt file
Method 3: Use a VPN access
A VPN (Virtual Private Network) is, in good French, a virtual private network. It allows you to connect to a local network and browse the internet through an encrypted connection. This way, your data is secure.
To secure your staging site, the idea is to place it on a closed network, for example that of your company. Anyone with VPN access can access it.
Using a VPN access offers many advantages and seems to be an equally effective method as HTTP authentication. However, some monitoring tools are not always available.
There are other methods to secure your staging site, but we have presented the most common ones, and especially the most effective: HTTP authentication. If possible, this is the one you should use.
Don’t forget: freelance developers can help you secure your staging sites.