diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4b9e75c56..9df8c4874 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,7 @@
 require "application_responder"
 
 class ApplicationController < ActionController::Base
+  before_filter :authenticate
   check_authorization unless: :devise_controller?
   include SimpleCaptcha::ControllerHelpers
   self.responder = ApplicationResponder
@@ -15,6 +16,14 @@ class ApplicationController < ActionController::Base
 
   before_action :ensure_signup_complete
 
+  def authenticate
+    if Rails.env.staging? || Rails.env.production?
+      authenticate_or_request_with_http_basic do |username, password|
+        username == Rails.application.secrets.username && password == Rails.application.secrets.password
+      end
+    end
+  end
+
   rescue_from CanCan::AccessDenied do |exception|
     redirect_to main_app.root_url, alert: exception.message
   end