features
features
pricing
pricing
blog
blog
faqs
faqs
reviews
reviews
Get Started - It’s free
Login
Start 7 Day Free Trial
Blog
Education

How to get client feedback on a password-protected staging site without giving them login access.

Written by
Marcel
Published on
February 3, 2026
Table of contents
Heading 2
Share this post

The Problem: Staging Access vs. Review Access

Staging sites are password-protected for good reasons:

  • Search engine exclusion. You don't want Google indexing unfinished work.
  • Client confidentiality. Other clients shouldn't stumble onto work-in-progress.
  • Security. Staging often has test data, debug modes, or relaxed security settings.

But these protections create a problem: How do you let clients review without giving them keys to your infrastructure?

Bad solutions developers often try:

  • Creating temporary WordPress accounts (security risk, cleanup hassle)
  • Sharing the HTTP auth password via email (often gets forwarded or forgotten)
  • Temporarily removing protection (SEO risk, security exposure)
  • Taking screenshots and emailing them (loses interactivity, context problems)

The Solution: Feedback Layer Above the Authentication

Link-based feedback tools solve this by creating a separate access layer:

  1. You authenticate to the staging site when setting up the feedback link
  2. The tool renders the authenticated view in a feedback-enabled wrapper
  3. Clients access the wrapper without ever seeing your credentials

This separation means clients can click around the staging site, view different pages, and pin comments—all without knowing the staging password or having any CMS access.

How It Works with Commentblocks

Step 1: Create a feedback link

Paste your password-protected staging URL into Commentblocks. If the site requires authentication, you'll be prompted to enter credentials once.

Step 2: Share the feedback link

Commentblocks generates a unique URL (e.g., app.commentblocks.com/review/abc123). This URL shows your staging site with a commenting overlay. The original staging password is never exposed.

Step 3: Optionally add link-level protection

For extra security, set a password on the Commentblocks link itself. This password is different from your staging credentials—it's just for accessing the review session.

Step 4: Clients review and comment

Clients click the link, see the staging site, and pin comments directly on elements. They never see login screens, admin panels, or credential prompts.

Comparison: Access Methods for Staging Review

MethodClient Sees CredentialsSecurity RiskSetup TimeCommentblocks linkNoLow2 minutesTemporary CMS accountYes (their own)Medium10+ minutesShared HTTP authYesHigh1 minuteRemove protectionN/AHigh5 minutesScreenshots via emailN/ALow30+ minutes

Security Considerations

What clients CAN do:

  • View rendered pages
  • Navigate the site
  • Pin comments on visible elements
  • See other reviewers' comments

What clients CANNOT do:

  • Access your CMS admin panel
  • View source code or server files
  • Modify content or settings
  • See your staging password

The feedback layer is read-only by design. Even if a client wanted to cause trouble, they can't—they only have access to the visual output, not the underlying system.

Common Mistakes

Sharing screenshots instead of live access. Screenshots don't show hover states, animations, scroll behavior, or responsive layouts. Clients give better feedback when they can interact with the actual site.

Creating "reviewer" accounts in your CMS. Even limited-access accounts are attack vectors. Plus, you need to remember to delete them after the project.

Disabling staging protection during review periods. Search engines can index pages within hours. One "quick review session" can pollute your SEO for months.

Frequently Asked Questions

Does this work with HTTP Basic Authentication?

Yes. Most link-based feedback tools support standard HTTP authentication. You enter credentials once when creating the link, and clients never see them.

What about sites behind VPN or IP restrictions?

Feedback tools need to access the URL to render it. If your staging is behind a VPN, you'd need to whitelist the tool's IP range or use a different protection method during the review phase.

Can clients access the staging site directly after using the feedback link?

No. The feedback link goes to the tool's domain, not your staging URL. Clients would still need credentials to access the original staging URL directly.

What if my staging URL changes frequently?

You'll need to create new feedback links when the URL changes. Some tools offer features to handle URL updates, but a new deploy URL generally means a new feedback link.

Share this post
End the Email Feedback Chaos

Pin comments directly on any website. Your clients finally show you exactly what they mean.

No client signup required
Works on any website
Free to start, no credit card
Start Free Trial
Copied to Clipboard
blog

Blog: Tips & Insights

Tips, strategies, and updates on client management, web development, and product news from the Commentblocks team.

article -
February 7, 2026

How to get client feedback on a password-protected staging site without giving them login access.

Use a link-based feedback tool like Commentblocks that works on top of password-protected URLs without requiring CMS access. You authenticate once when creating the feedback link, and clients access a feedback-enabled version of your staging site through a separate shareable URL. Clients never see your WordPress login, Vercel dashboard, or hosting credentials—they just see the website with a commenting overlay.

article -
February 13, 2026

How to Start Web Design as a Beginner

Every professional web designer was once exactly where you are now—staring at the vast landscape of skills, tools, and possibilities, wondering where to even begin.

article -
February 5, 2026

Website Feedback Tool for Webflow Developers

faq

Frequently Asked Questions

Is my website feedback data secure and private ?
Do I need to install code snippets or browser extensions for Commentblocks?
Can I leave visual feedback on mobile or responsive designs?
How is Commentblocks different from other website feedback tools?
Do clients need to be tech-savvy to use Commentblocks?
Get started within Seconds

Ready to collect feedback the right way?

Everything you need to know about using our AI assistant, from setup to security. Still curious? Drop us a message and we’ll get right back to you.
Get Started - It’s free
Tick Icon
Free 14-Day Trial
Tick Icon
No Credit Card Requires
Tick Icon
Cancel anytime