* Checks if this site is protected by HTTP Basic Auth.
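* At the moment, this merely checks for the presence of Basic Auth credentials on the current request.
* Therefore, calling this function with a context different from the current context may give inaccurate results.
* Because the credentials are supplied by the client with the request, a true result does not by itself
* show that the server enforces Basic Auth.
* In a future release, this evaluation may be made more robust.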
* Currently, this is only used by Application Passwords to prevent a conflict since it also utilizes
* Basic Auth.
* @global string $pagenow The filename of the current screen.
* @param string $context The context to check for protection. Accepts 'login', 'admin', and 'front'.
* Defaults to the current context.
* @return bool Whether the site is protected by Basic Auth.
function wp_is_site_protected_by_basic_auth( $context = '' ) {
if ( 'wp-login.php' === $pagenow ) {
} elseif ( is_admin() ) {
$is_protected = ! empty( $_SERVER['PHP_AUTH_USER'] ) || ! empty( $_SERVER['PHP_AUTH_PW'] );
* Filters whether a site is protected by HTTP Basic Auth.
* @param bool $is_protected Whether the site is protected by Basic Auth.
* @param string $context The context to check for protection. One of 'login', 'admin', or 'front'.
return apply_filters( 'wp_is_site_protected_by_basic_auth', $is_protected, $context );