InMotion Hosting Support Center

In this tutorial:

At times, you may find it best practice to password protect a folder on your account. This can add an extra layer of protection to files you don’t want the general public to have access to. Password protecting a directory can be easily accomplished using the option within cPanel. We will also provide you the instructions on how to remove the password protection after it has been added.

Understanding how password protecting a directory works

It’s important to understand how password protection on a folder works. When you choose to password protect a directory in cPanel, cPanel creates a rule in your .htaccess file. This rule specifies that the folder is protected and the visitor will need to provide the proper username and password to log in and view the files.

Please keep in mind, when you grant access through password protection, you are not only granting access for that folder, but any subfolders located within it. Also, by password protecting a directory and gain access to any subfolders in that directory you must provide the login credentials to do so.

Steps to Password Protect a Directory

  1. Log into cPanel
  2. Go to the Files section and click on the Directory Privacy icon
  3. pass_1

  4. Select the directory you want to password protect and then you will see the Set Permissions screen appear. Here you can provide a name for the folder you're trying to protect.
  5. pass_2

  6. Next, click on the checkbox labeled Password protect the directory. Makes sure you have a name for the folder you are going to protect.
  7. pass_3

  8. Click on Save in order to save the name you have entered for the directory and option to password protect the directory.
  9. pass_4

  10. Next create a user to access the protected directory
  11. pass_6

  12. Click Save in order to save the user that you have edited.

Removing the password protection from a directory

The steps to remove password protection on a directory is a fairly quick and simple process. One reason you might want to password protect a directory and then remove the protection is for testing purposes. Or, if you are finally ready to make the folder open to the public, then you can remove the password protection so that everyone can access the files. The instructions for removing the protection are as follows:

  1. Log into your cPanel
  2. Scroll down to the Security section in the cPanel and then click the Password Protect Directories icon. Choose Web Root if you see a pop-up window, and then click Go
  3. Scroll down the folder list until you see the folder you previously password protected. If the folder is a sub-folder to another one, make sure that you click on the folder icon next to the folder name. If you click on the folder name, the interface will think you're setting protection on that folder. If you do this by accident, simply re-open the password protection interface to get back to the folder list.
  4. When you find the folder that has been password protected, click on the folder name to select it.
  5. Uncheck the box that says "Password protect this directory".
  6. Click on SAVE in order to save your entries.

If you have further questions or need further assistance please feel free to contact our support department.

Support Center Login

Social Media Login

Social Login Joomla

Related Questions

Here are a few questions related to this article that our customers have asked:
Utilizing WordPress on the development site before going Live
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-06-15 2:50 am

How long, if at all, for the changes to take affect and what causes the delays?

40,710 Points
2014-06-15 8:28 am
Hello Steve,

There should be no delays, it should take effect immediately. If you are not seeing it, be sure to clear your browser cache. That can sometimes be the cause of you not seeing the changes immediately.

Kindest Regards,
Scott M
n/a Points
2014-10-14 2:44 am

it shows like if the page does not exist, intead of asking for username and passwords

26,031 Points
2014-10-14 7:53 am
Hello joe,

Thank you for contacting us. I recommend checking the other rules in our .htaccess file, to make sure they are not interfering with the password protection.

We are happy to help, but will need some additional information.

Do other pages load?

Can you provide a link to the page that does not exist?

If you have any further questions, feel free to post them below.

Thank you,
n/a Points
2015-02-20 1:06 pm


I have another situation. I have an ftp. The ftp requires login. Inside the ftp there are folders. I want to give each folder password protection so a user can login to only the assigned folder. This would need to work with ftp clients and browser. Help is greatly appreciated!

10,077 Points
2015-02-20 3:05 pm
Hello Tom,

In order to do this you would need to create different logins for each folder you would like to protect. A FTP account only has access to its document root and any child folders beyond that.

Best Regards,
TJ Edens
n/a Points
2015-04-18 8:04 am

Thanks you... very much...


Waqas Mehmood

n/a Points
2015-05-30 8:35 am

I would like to ask about my subdomain. I wanted to protect my one subdomain because my default wordpress upload media folder is ia a subdomain, it has images, and other files. The images are used for the blogs, How can I protect the subdomain if someone is directly accessing it?

26,031 Points
2015-06-01 11:27 am
Hello Elvis,

Thank you for contacting us. We are happy to help, but it is not clear what you mean.

When you say "someone is directly accessing it" do you mean the images?

Thank you,
n/a Points
2015-06-21 9:31 pm

Hi, I have done this and it does work a treat, However if i shut down the browser, clear the cache on exit and then go back to the website and try and access the protected area it does not prompt me again for the username and password.  Seems like either my browser or the website is remebering that i have already logged in once and is allowing access.

If there a way to clear this and get the webpage to ask for login everytime the protected files are accessed?


26,031 Points
2015-06-22 4:12 pm
Hello Paul,

Thank you for contacting us. Yes, this is a browser setting, clearing the browser cache usually can correct this.

If it is still saving your login passwords after clearing the cache, it is most likely a setting to save passwords in your browser. The steps for clearing this will differ based on what browser you are not using.

For example, if you are using the Chrome browser, this guide explains how to delete a saved password in Chrome.

If you are using Chrome, let us know what browser you are using and we can provide more specific steps.

Thank you,
n/a Points
2015-08-17 6:29 pm

Does this just affect directories/pages, or can a secondary layer of password protection be applied to htaccess?

40,710 Points
2015-08-17 7:15 pm
Hello John,

I'm not quite following. What specifically are you wanting to do?

Kindest Regards,
Scott M
n/a Points
2015-09-01 4:36 am

Good Day Folks!

I am wondering if there is a way to ask the user for login info (for the protected folder) if the user (pc) had been idle for some time.


10,077 Points
2015-09-02 12:14 am
Hello Maniyam,

There is no way to do this easily, not atleast with the password protect directories section to cPanel. Their logins are stored in the session are usually not cleared until the browser is re-opened/closed for a period of time.

Best Regards,
TJ Edens
n/a Points
2015-11-07 2:03 am

In the middle of a work this error pops up. Due to a high number of failed login attempts, access to /administrator/index.php has been blocked by Mod Security.

I need help please

40,710 Points
2015-11-09 7:02 pm
Hello Lamin,

If you are using WordPress, you will want to check out our articles on protecting your WordPress admin login area.

Kindest Regards,
Scott M
n/a Points
2016-03-12 6:57 pm

Can I make lock whole website leaving just the home page.

I want  only homepage with email collector to be visible when the website is in beta phase.

Same time I want to create different pages on the website, but I need visitors and crawler not  to see it.

On the launch day,I want google as well visitors to see all data all together.


Hope I am clear :)

40,710 Points
2016-03-14 5:33 pm
You can restrict each file individually from the htaccess file. You would need the following code for each file:

<Files filename.ext>
Order Allow,Deny
Deny from all
n/a Points
2016-03-25 11:19 am

My questions is from the other side.  I'm looking for a tool that will take a new user's subscripton info (ID/PW) and make the addition to then list so I don't ave to do it manually.  Any suggestons?

10,077 Points
2016-03-25 5:13 pm
Hello Scott,

There is no such tool at this time that does this. However a well versed developer may be able to perform this action.

Best Regards,
TJ Edens

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

25 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!