Since I can remember, we've used htpasswd authentication on sites in staging/pre-production to keep search engines and anyone else out. Mostly search engines. Too many ignore robots.txt to rely on that.

Since I can remember, I have struggled to effectively communicate that the htpasswd popup and any CMS login are separate. It's a dual-layer failing because people complain about not being able to log in, and I invariably assume that they're talking about the CMS, so we go looking in the wrong place and then someone will have a lightbulb moment; "do they mean the htpasswd popup?". And, of course, they do.

So, is this a familiar situation to you? Have you solved it? Care to share your solution because it's driving me crazy. There has to be a way to do this.

If you're reading this and you're one of my clients, I want to stress that this is not a complaint about you. I know it's a confusing thing and I wish there was a better way to either do it or communicate it and that's what I'm trying to achieve here. I've had problems in the past with clients thinking I'm subtweeting them (and they're only sometimes right) and taking offence and I don't want that happening here.