WPML header conflict with basic auth enabled

Due to frequent DDoS attacks, we operate a WordPress site behind HTTP basic auth and use Simply Static to build to a production server, which is further protected behind Cloudflare. In order to access the pages and build to static, Simply Static is configured with HTTP basic auth credentials.

We also use WPML with the Advanced Translation Editor (ATE) enabled to manage language versions of our site. This conflicts with Simply Static, since both plugins are attempting to modify headers to add conflicting information.

SS: “array(1) { [“Authorization”]=> string(50) “Basic c3RhdGljOlFZbWdzdlF4QXZ1dURyRHJqUEZrRWFZNg==” }”

This collides with the “x-amz-request-id” parameter WPML ATE is using to authorize with AWS and communicate between the translation system and the WordPress installation. This problem had us stuck unable to update our translations for several months until WPML devs (with full access to our server) traced the problem. The workaround is to exclude the server’s own IP in the basic auth configuration, and then disable basic auth configuration in Simply Static.

WPML developers have asked me to reach out to the developer of Simply Static to resolve this conflict. Most of the discussion thread is visible here: https://wpml.org/forums/topic/stuck-translation-in-advanced-translation-editor/ (problem and solution appears on page 3)

The “Go-Global” WPML certification compatibility program for plugin authors is here: https://wpml.org/documentation/theme-compatibility/go-global-program/

A fix from their side might be possible and is being researched, but obviously it would be best if you worked together on this, depending on capacity. Thanks!

The page I need help with: [log in to see the link]