Zum Hauptinhalt springen

Password protection

Pro

Restrict access to your docs site with a password. Anyone hitting your URL has to enter the password before they see content.

When to use it

  • Pre-launch. You're building docs for a product that's not public yet.
  • Internal docs. Employee-only content that you still want to be hosted, branded, and searchable like normal docs.
  • Partner-facing docs. Share with select customers who get the password from sales.
  • Beta documentation. A small group of beta testers gets early access.

How to enable

Project settings → PublishingPassword protectionEnable → set a password.

The next time someone visits your docs, they'll see a clean password prompt branded with your logo. Once entered, the password is remembered for 30 days.

What's protected

Every page on your docs site, including:

  • The homepage
  • All doc pages
  • Search index
  • Sitemap.xml
  • llms.txt

Without the password, visitors and bots see only the password prompt. Search engines won't index protected sites.

Sharing the password

You set the password once in settings. There's only one password per project — share it with whoever needs access. Change it in settings any time; existing sessions are NOT invalidated until they expire after 30 days. To invalidate immediately, click Sign out everyone in settings.

Password rotation

Best practice for ongoing protection: rotate the password every 30-90 days. Docsio doesn't enforce rotation; that's up to you.

Multi-password (advanced)

For partner portals where different partners need different passwords (so you can revoke one without affecting others), reach out to support — we have a multi-password setup we can enable on Pro projects.

How it works under the hood

The password check is server-side, before any page content loads. There's no client-side bypass — even direct asset URLs (images, JSON, sitemap) are protected.

Sessions are signed with a secret key tied to your project. If you change the password, existing sessions remain valid until they expire (30 days from last activity). Use Sign out everyone to invalidate immediately.

Free vs Pro

Password protection is Pro-only. On Free, projects are publicly accessible.

Common patterns

  • Soft launch. Enable password protection, share with friends and customers, gather feedback. When ready, disable protection — your site is now public, no rebuild needed.
  • Always-private internal docs. Keep password on indefinitely. Rotate password quarterly.
  • Per-environment. Run two Docsio projects: one production (public), one staging (password-protected). Use GitHub sync to keep them aligned via different branches.