Site Authentication
Introduction
When adding a new site to your AAArdvark Workspace, you might need to configure authentication settings to access protected pages. Setting this up takes two steps, and missing the second is the most common reason a scan still hits a login wall:
- Tell AAArdvark which pages to log in for by editing those pages and turning on “Log in before scanning.”
- Save your site’s login credentials using one of the authentication methods below.
And, don’t worry, you can always update these settings later if needed.
To get started, go to your dashboard and click Add a New Site at the top of the page.
Setting up Site Authentication
AAArdvark allows you to log in before scanning, making it possible to test restricted or members-only content.
You can configure authentication settings for specific pages or apply them site-wide, depending on your needs.
Authentication Methods
AAArdvark offers four authentication methods: HTTP Basic, Login Form, Password Protected, and Custom Header.
HTTP Basic:
This method is often used for development sites that require a login for privacy. Just enter your username, password, and a test URL to verify the credentials.
Login Form:
For sites with a standard login screen, AAArdvark supports cookie-based authentication.
Password Protected:
Select this option if your site is password protected. You’ll need to enter the site password, the URL of your login page, the password selector (which identifies the password input field), and the submit button selector (which identifies the login button on your form).
Custom Header:
If your site uses custom headers for authentication, select this option.
AAArdvark currently supports Cookie Authentication for WordPress, Drupal, and Laravel. If you’d like to see support for another platform, submit a feature request.
To set up this method:
- Site Type:
Select the platform your site is built on, then enter your username and password. - Username/Password:
AAArdvark stores your credentials securely using strong encryption. For added security, we recommend creating a dedicated user account with limited permissions for accessibility scanning.
Custom Login Pages
For Laravel sites with a custom login page, you may need to update the username, password, and submit button selectors to ensure proper functionality.
AAArdvark does not support custom login pages for WordPress and Drupal sites.
Set Which Pages Log in Before Scanning
Saving your credentials tells AAArdvark how to log in. The next step tells it which pages need that login. You can set this per page, so you can mix public and protected pages on the same site.
To turn it on for a page:
- Open the Pages menu in your site’s sidebar.
- Find the page that sits behind your login and click the pencil (Edit) icon in the Actions column.
- In the Editing Page panel, open the Authentication Settings dropdown and choose Log in before scanning. (The default is Do not log in before scanning.) You absolutely need to have already set up the login for the site using the steps above before being able to select the option.
- Click Update.
Repeat for each protected page. If you’re adding pages manually, the New Page Editor has the same Authentication Settings dropdown, so you can set it as you go.
Quick check: if a public page scans fine but a members-only page comes back empty or blocked, it’s almost always a page still set to “Do not log in before scanning.”