diff --git a/server.js b/server.js
index 553997b5f..af8e692b7 100644
--- a/server.js
+++ b/server.js
@@ -109,7 +109,8 @@ app.use(responseTime());
 const server_port = cliArguments.port ?? process.env.SILLY_TAVERN_PORT ?? getConfigValue('port', DEFAULT_PORT);
 const autorun = (cliArguments.autorun ?? getConfigValue('autorun', DEFAULT_AUTORUN)) && !cliArguments.ssl;
 const listen = cliArguments.listen ?? getConfigValue('listen', DEFAULT_LISTEN);
-const enableCorsProxy = cliArguments.corsProxy ?? getConfigValue('enableCorsProxy', DEFAULT_CORS_PROXY)
+const enableCorsProxy = cliArguments.corsProxy ?? getConfigValue('enableCorsProxy', DEFAULT_CORS_PROXY);
+const basicAuthMode = getConfigValue('basicAuthMode', false);
 
 const { DIRECTORIES, UPLOADS_PATH } = require('./src/constants');
 
@@ -121,7 +122,7 @@ const CORS = cors({
 
 app.use(CORS);
 
-if (listen && getConfigValue('basicAuthMode', false)) app.use(basicAuthMiddleware);
+if (listen && basicAuthMode) app.use(basicAuthMiddleware);
 
 app.use(whitelistMiddleware(listen));
 
@@ -515,6 +516,14 @@ const setupTasks = async function () {
     if (listen) {
         console.log('\n0.0.0.0 means SillyTavern is listening on all network interfaces (Wi-Fi, LAN, localhost). If you want to limit it only to internal localhost (127.0.0.1), change the setting in config.yaml to "listen: false". Check "access.log" file in the SillyTavern directory if you want to inspect incoming connections.\n');
     }
+
+    if (basicAuthMode) {
+        const basicAuthUser = getConfigValue('basicAuthUser', {});
+        if (!basicAuthUser?.username || !basicAuthUser?.password) {
+            console.warn(color.yellow('Basic Authentication is enabled, but username or password is not set or empty!'));
+        }
+    }
+
 };
 
 /**
@@ -529,7 +538,7 @@ async function loadPlugins() {
         return cleanupPlugins;
     } catch {
         console.log('Plugin loading failed.');
-        return () => {};
+        return () => { };
     }
 }