One of the first things I do with my client staging site is to restrict them with a WordPress plugin called Restricted Site Access. This lets me allow by IP address who can see the site without logging in. That way clients can see the site while we test it without the world seeing it or messing with their SEO because of duplicate content.

Today we’re going to restrict access to our demo Statamic site by IP address to duplicate that functionality from WordPress.

Since the docs on the Statamic site are currently wrong you can see the proper version of the yaml syntax below.

protect:
  type: ip_address
  ip_address:
    allowed:
      - 127.0.0.1

This code goes in site/settings/system.yaml