How do I password protect a directory in my control panel (cpanel)?
Click here to watch a video tutorial
At times, you may find it best practice to password protect a folder on your account. This can add an extra layer of protection to files you don’t want the general public to have access to. Password protecting a directory can be easily accomplished using the option within cPanel. We will also provide you the instructions on how to remove the password protection after it has been added.
Understanding how password protecting a directory works
It’s important to understand how password protection on a folder works. When you choose to password protect a directory in cPanel, cPanel creates a rule in your .htaccess file. This rule specifies that the folder is protected and the visitor will need to provide the proper username and password to log in and view the files.
Please keep in mind, when you grant access through password protection, you are not only granting access for that folder, but any subfolders located within it. Also, by password protecting a directory and gain access to any subfolders in that directory you must provide the login credentials to do so.
Steps to Password Protect a Directory
- Log into cPanel
- Find the icon under the Security heading and click on the Password Protect Directories icon
- Select the directory you'd like to navigate to in the pop up window.
- Now, select the directory you wish to password protect. Clicking a folder name will password protect that folder. If you want to password protect a subfolder, click on the folder icon next to it's name, then select your appropriate folder.
- Once you have selected a folder to password protect a screen will appear with settings you'll need to configure. When finished save the settings and "new" user you create.
- Now, when you visit the site in your web browser you'll be prompted with a login screen for that directory.
Removing the password protection from a directory
The steps to remove password protection on a directory is a fairly quick and simple process. One reason you might want to password protect a directory and then remove the protection is for testing purposes. Or, if you are finally ready to make the folder open to the public, then you can remove the password protection so that everyone can access the files. The instructions for removing the protection are as follows:
- Log into your cPanel
- Scroll down to the Security section in the cPanel and then click the Password Protect Directories icon. Choose Web Root if you see a pop-up window, and then click Go
- Scroll down the folder list until you see the folder you previously password protected. If the folder is a sub-folder to another one, make sure that you click on the folder icon next to the folder name. If you click on the folder name, the interface will think you're setting protection on that folder. If you do this by accident, simply re-open the password protection interface to get back to the folder list.
- When you find the folder that has been password protected, click on the folder name to select it.
- Uncheck the box that says "Password protect this directory".
- Click on SAVE in order to save your entries.
If you have further questions or need further assistance please feel free to contact our support department.
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!
2014-06-15 2:50 am
How long, if at all, for the changes to take affect and what causes the delays?
2014-06-15 8:28 am
There should be no delays, it should take effect immediately. If you are not seeing it, be sure to clear your browser cache. That can sometimes be the cause of you not seeing the changes immediately.
2014-10-14 2:44 am
it shows like if the page does not exist, intead of asking for username and passwords
2014-10-14 7:53 am
Thank you for contacting us. I recommend checking the other rules in our .htaccess file, to make sure they are not interfering with the password protection.
We are happy to help, but will need some additional information.
Do other pages load?
Can you provide a link to the page that does not exist?
If you have any further questions, feel free to post them below.