The Authorization Header is Missing

Since WordPress 5.6 we’ve been getting reports that users get an error message like this:

“The Authorization Header is Missing”.

The problem appears to be that Apache does not automatically send authorization headers. If that happens, the header has to be enabled in the virtual host file. I can’t say for sure that is has anything to do with the WordPress 5.6 update, we only noted that users are reporting it since then.

Please note that this has nothing to do with the Really Simple SSL security headers: it’s a server configuration issue. I’ve come across to solutions for this.

One user reported that enabling FastCGI fixed it.

All I had to do was run PHP 7.1.4 FastCGI to fix it.

Previously I was running the non-FastCGI version.

https://wordpress.org/support/topic/the-authorization-header-is-missing/#post-14418938

Another solution I came across, which I would personally prefer, is to adjust the Apache virtual host config file:

# Get rid of the Site Health message on missing authorization header 

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

If you don't know how to adjust your virtual host file, please contact your hosting company about this. 


Simple and Performant Security.
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.