diff --git a/esphome/components/web_server/__init__.py b/esphome/components/web_server/__init__.py
index 8ead14dcac..695757e137 100644
--- a/esphome/components/web_server/__init__.py
+++ b/esphome/components/web_server/__init__.py
@@ -298,6 +298,7 @@ async def to_code(config):
     if config[CONF_ENABLE_PRIVATE_NETWORK_ACCESS]:
         cg.add_define("USE_WEBSERVER_PRIVATE_NETWORK_ACCESS")
     if CONF_AUTH in config:
+        cg.add_define("USE_WEBSERVER_AUTH")
         cg.add(paren.set_auth_username(config[CONF_AUTH][CONF_USERNAME]))
         cg.add(paren.set_auth_password(config[CONF_AUTH][CONF_PASSWORD]))
     if CONF_CSS_INCLUDE in config:
diff --git a/esphome/components/web_server_base/web_server_base.cpp b/esphome/components/web_server_base/web_server_base.cpp
index e1c2bc0b25..6e7097338c 100644
--- a/esphome/components/web_server_base/web_server_base.cpp
+++ b/esphome/components/web_server_base/web_server_base.cpp
@@ -14,9 +14,11 @@ WebServerBase *global_web_server_base = nullptr;  // NOLINT(cppcoreguidelines-av
 void WebServerBase::add_handler(AsyncWebHandler *handler) {
   // remove all handlers
 
+#ifdef USE_WEBSERVER_AUTH
   if (!credentials_.username.empty()) {
     handler = new internal::AuthMiddlewareHandler(handler, &credentials_);
   }
+#endif
   this->handlers_.push_back(handler);
   if (this->server_ != nullptr) {
     this->server_->addHandler(handler);
diff --git a/esphome/components/web_server_base/web_server_base.h b/esphome/components/web_server_base/web_server_base.h
index a475238a37..cfca776ee1 100644
--- a/esphome/components/web_server_base/web_server_base.h
+++ b/esphome/components/web_server_base/web_server_base.h
@@ -41,6 +41,7 @@ class MiddlewareHandler : public AsyncWebHandler {
   AsyncWebHandler *next_;
 };
 
+#ifdef USE_WEBSERVER_AUTH
 struct Credentials {
   std::string username;
   std::string password;
@@ -79,6 +80,7 @@ class AuthMiddlewareHandler : public MiddlewareHandler {
  protected:
   Credentials *credentials_;
 };
+#endif
 
 }  // namespace internal
 
@@ -108,8 +110,10 @@ class WebServerBase : public Component {
   std::shared_ptr<AsyncWebServer> get_server() const { return server_; }
   float get_setup_priority() const override;
 
+#ifdef USE_WEBSERVER_AUTH
   void set_auth_username(std::string auth_username) { credentials_.username = std::move(auth_username); }
   void set_auth_password(std::string auth_password) { credentials_.password = std::move(auth_password); }
+#endif
 
   void add_handler(AsyncWebHandler *handler);
 
@@ -121,7 +125,9 @@ class WebServerBase : public Component {
   uint16_t port_{80};
   std::shared_ptr<AsyncWebServer> server_{nullptr};
   std::vector<AsyncWebHandler *> handlers_;
+#ifdef USE_WEBSERVER_AUTH
   internal::Credentials credentials_;
+#endif
 };
 
 }  // namespace web_server_base
diff --git a/esphome/components/web_server_idf/web_server_idf.cpp b/esphome/components/web_server_idf/web_server_idf.cpp
index 483fae4f08..40fb015b99 100644
--- a/esphome/components/web_server_idf/web_server_idf.cpp
+++ b/esphome/components/web_server_idf/web_server_idf.cpp
@@ -223,6 +223,7 @@ void AsyncWebServerRequest::init_response_(AsyncWebServerResponse *rsp, int code
   this->rsp_ = rsp;
 }
 
+#ifdef USE_WEBSERVER_AUTH
 bool AsyncWebServerRequest::authenticate(const char *username, const char *password) const {
   if (username == nullptr || password == nullptr || *username == 0) {
     return true;
@@ -261,6 +262,7 @@ void AsyncWebServerRequest::requestAuthentication(const char *realm) const {
   httpd_resp_set_hdr(*this, "WWW-Authenticate", auth_val.c_str());
   httpd_resp_send_err(*this, HTTPD_401_UNAUTHORIZED, nullptr);
 }
+#endif
 
 AsyncWebParameter *AsyncWebServerRequest::getParam(const std::string &name) {
   auto find = this->params_.find(name);
diff --git a/esphome/components/web_server_idf/web_server_idf.h b/esphome/components/web_server_idf/web_server_idf.h
index e8e40ef9b0..76540ef232 100644
--- a/esphome/components/web_server_idf/web_server_idf.h
+++ b/esphome/components/web_server_idf/web_server_idf.h
@@ -115,9 +115,11 @@ class AsyncWebServerRequest {
   // NOLINTNEXTLINE(readability-identifier-naming)
   size_t contentLength() const { return this->req_->content_len; }
 
+#ifdef USE_WEBSERVER_AUTH
   bool authenticate(const char *username, const char *password) const;
   // NOLINTNEXTLINE(readability-identifier-naming)
   void requestAuthentication(const char *realm = nullptr) const;
+#endif
 
   void redirect(const std::string &url);
 
diff --git a/esphome/core/defines.h b/esphome/core/defines.h
index 996dbc7e8d..56de0127a6 100644
--- a/esphome/core/defines.h
+++ b/esphome/core/defines.h
@@ -163,6 +163,7 @@
 #define USE_SPI
 #define USE_VOICE_ASSISTANT
 #define USE_WEBSERVER
+#define USE_WEBSERVER_AUTH
 #define USE_WEBSERVER_OTA
 #define USE_WEBSERVER_PORT 80  // NOLINT
 #define USE_WEBSERVER_SORTING
@@ -210,6 +211,7 @@
   {}
 
 #define USE_WEBSERVER
+#define USE_WEBSERVER_AUTH
 #define USE_WEBSERVER_PORT 80  // NOLINT
 #endif
 
@@ -226,6 +228,7 @@
 #define USE_SOCKET_IMPL_LWIP_SOCKETS
 #define USE_SOCKET_SELECT_SUPPORT
 #define USE_WEBSERVER
+#define USE_WEBSERVER_AUTH
 #define USE_WEBSERVER_PORT 80  // NOLINT
 #endif
 
diff --git a/tests/components/web_server/test.esp32-idf.yaml b/tests/components/web_server/test.esp32-idf.yaml
index 7e6658e20e..24b292d0d6 100644
--- a/tests/components/web_server/test.esp32-idf.yaml
+++ b/tests/components/web_server/test.esp32-idf.yaml
@@ -1 +1,6 @@
 <<: !include common_v2.yaml
+
+web_server:
+  auth:
+    username: admin
+    password: password