diff --git a/lib/routes.js b/lib/routes.js
index 3b1fe0ac..4029759f 100644
--- a/lib/routes.js
+++ b/lib/routes.js
@@ -200,6 +200,8 @@ function addSite(router, { providers, sessionStore }, site) {
       const siteControllerConfig = site.dir ? files.tryRequire(site.dir) : {},
         midleware = _.get(siteControllerConfig, 'middleware', null);
 
+      amphoraAuth.useAuth(siteRouter);
+
       if (Array.isArray(midleware)) {
         siteRouter.use(midleware);
       }
@@ -310,7 +312,7 @@ function loadFromConfig(router, providers, sessionStore) {
 
   // iterate through the hosts
   _.each(siteHosts, hostname => {
-    const sites = _.filter(sitesMap, {host: hostname}).sort(sortByDepthOfPath);
+    const sites = _.filter(sitesMap, { host: hostname }).sort(sortByDepthOfPath);
 
     addHost({
       router,
diff --git a/lib/routes.test.js b/lib/routes.test.js
index 1e7aa54f..d96b7820 100644
--- a/lib/routes.test.js
+++ b/lib/routes.test.js
@@ -27,6 +27,7 @@ describe(_.startCase(filename), function () {
     fakeLog = sandbox.stub();
     fakeAuth = sandbox.stub();
     fakeAuth.addRoutes = sandbox.stub();
+    fakeAuth.useAuth = sandbox.stub();
 
     lib.setLog(fakeLog);
     lib.setamphoraAuth(fakeAuth);
@@ -180,6 +181,7 @@ describe(_.startCase(filename), function () {
       return fn(router, { providers: ['ldap'] }, siteStub)
         .then(function () {
           sinon.assert.called(innerRouter.use);
+          sinon.assert.calledWith(fakeAuth.useAuth, innerRouter);
         });
     });
 
diff --git a/lib/services/plugins.js b/lib/services/plugins.js
index 067a00e2..bb0d96b7 100644
--- a/lib/services/plugins.js
+++ b/lib/services/plugins.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const bluebird = require('bluebird'),
+  { useAuth } = require('amphora-auth'),
   db = require('../services/db'),
   sites = require('../services/sites'),
   { getMeta, patchMeta } = require('../services/metadata'),
@@ -24,7 +25,7 @@ function initPlugins(router, site) {
   return bluebird.all(module.exports.plugins.map(plugin => {
     return bluebird.try(() => {
       if (typeof plugin === 'function') {
-        return plugin(router, pluginDBAdapter, publish, sites, site);
+        return plugin(router, pluginDBAdapter, publish, sites, site, useAuth);
       } else {
         log('warn', 'Plugin is not a function');
         return bluebird.resolve();