diff --git a/README.md b/README.md
index a5f8c9b..a1a09d5 100644
--- a/README.md
+++ b/README.md
@@ -253,14 +253,9 @@ as well as set various fields on the Caddy user object that can be passed to app
 For sites listening only on the Tailscale network interface,
 user access will already be enforced by the tailnet access controls.
 
-Set the [order] directive in your global options to instruct Caddy when to process `tailscale_auth`.
 For example, in a Caddyfile:
 
 ```caddyfile
-{
-  order tailscale_auth after basicauth
-}
-
 :80 {
   tailscale_auth
 }
@@ -294,7 +289,6 @@ You might have something like the following in your Caddyfile:
 When used with a Tailscale listener (described above), that Tailscale node is used to identify the remote user.
 Otherwise, the authentication provider will attempt to connect to the Tailscale daemon running on the local machine.
 
-[order]: https://caddyserver.com/docs/caddyfile/options#order
 [Gitea]: https://docs.gitea.com/usage/authentication#reverse-proxy
 [Grafana]: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/
 
diff --git a/auth.go b/auth.go
index 976d061..63a73b7 100644
--- a/auth.go
+++ b/auth.go
@@ -19,6 +19,7 @@ import (
 func init() {
 	caddy.RegisterModule(Auth{})
 	httpcaddyfile.RegisterHandlerDirective("tailscale_auth", parseAuthConfig)
+	httpcaddyfile.RegisterDirectiveOrder("tailscale_auth", httpcaddyfile.After, "basicauth")
 }
 
 // Auth is an HTTP authentication provider that authenticates users based on their Tailscale identity.
diff --git a/examples/auth.caddyfile b/examples/auth.caddyfile
index b830ffb..f32127c 100644
--- a/examples/auth.caddyfile
+++ b/examples/auth.caddyfile
@@ -5,7 +5,6 @@
 # Run this configuration and then visit <http://caddytest/>.
 
 {
-  order tailscale_auth after basicauth
   tailscale {
     ephemeral # create all nodes as ephemeral
   }
diff --git a/examples/proxyauth.caddyfile b/examples/proxyauth.caddyfile
index 4583a4f..e93a523 100644
--- a/examples/proxyauth.caddyfile
+++ b/examples/proxyauth.caddyfile
@@ -9,7 +9,6 @@
 # and be available at <https://caddytest.your-tailnet.ts.net>.
 
 {
-  order tailscale_auth after basicauth
   tailscale {
     ephemeral # create all nodes as ephemeral
   }