sites_shield
No security coverage
Sites shield adds an HTTP Basic-Auth gate to individual sites managed by the
Sites module. Each site defines
its own username and password; visitors must authenticate before any page — including
403 and 404 responses — is served. It is the per-site equivalent of the
Shield module, ideal for hiding
staging or pre-launch sites from search engines and casual visitors.
Features
- Per-site username and password, configured right on the site edit form
- Protects every response, including error pages, by running before routing
- Passwords stored hashed via Drupal's password service
- Basic-auth requests excluded from the page cache, so protected pages never leak
- "Skip sites_shield auth" permission to let trusted roles through
- Accepts the standard Authorization header, PHP_AUTH_USER/PW, or a custom sites-shield header
Requirements
Drupal 11.2+ and the Sites module.
Getting started
Edit any site provided by Sites, open the Sites shield section, and set
a user and password. Leave the user empty to disable the shield for that site.