Protecting your staging and development environments is nearly as important as protecting your production server. There are several ways to do this, including adding modules to your sites or modifying your settings.php file.
Add a module
The preferred method of website protection is to add either the Secure Site module or the Shield module to password protect your website. While both modules offer this basic protection feature, the Search Site module also allows you to restrict access to the website by role.
Because your website requires user authentication, having one of the modules in place prevents search engines and crawlers from indexing your staging or development environments.
For additional information about how to prevent the Shield module from being able to be accidentally enabled on your production environment, see the Password protecting non-production environments article on the Acquia Help Center.
Edit your settings.php
The changes you'll make to your settings.php file depend on whether you're using PHP-FPM or PHP-CGI for your environment. If you're an Acquia Cloud user, know that we're moving to PHP-FPM, but also that you can see which environment you're using by checking the PHP version in use.
If you're hosting your environment with another vendor, you'll have to examine the PHP stack to determine which is in use.
For code examples that you can add to your settings.php file, whether you're using PHP-FPM or PHP-CGI, see the Password protecting non-production environments article on the Acquia Help Center.
