InMotion Hosting Support Center

At times, you may find it best practice to password protect a folder on your account. This can add an extra layer of protection to files you don�t want the general public to have access to. Password protecting a directory can be easily accomplished using the option within cPanel. We will also provide you the instructions on how to remove the password protection after it has been added.

Understanding how password protecting a directory works

It�s important to understand how password protection on a folder works. When you choose to password protect a directory in cPanel, cPanel creates a rule in your .htaccess file. This rule specifies that the folder is protected and the visitor will need to provide the proper username and password to log in and view the files.

Please keep in mind, when you grant access through password protection, you are not only granting access for that folder, but any subfolders located within it. Also, by password protecting a directory and gain access to any subfolders in that directory you must provide the login credentials to do so.

Steps to Password Protect a Directory

  1. Log into cPanel
  2. Go to the Files section and click on the Directory Privacy icon
  3. pass_1

  4. Select the directory you want to password protect and then you will see the Set Permissions screen appear. Here you can provide a name for the folder you're trying to protect.
  5. pass_2

  6. Next, click on the checkbox labeled Password protect the directory. Makes sure you have a name for the folder you are going to protect.
  7. pass_3

  8. Click on Save in order to save the name you have entered for the directory and option to password protect the directory.
  9. pass_4

  10. Create a user to access the protected directory
  11. Click Save in order to save the user that you have edited.
  12. pass_6

Removing the password protection from a directory

The steps to remove password protection on a directory is a fairly quick and simple process. One reason you might want to password protect a directory and then remove the protection is for testing purposes. Or, if you are finally ready to make the folder open to the public, then you can remove the password protection so that everyone can access the files. The instructions for removing the protection are as follows:

  1. Log into your cPanel
  2. Scroll down to the Security section in the cPanel and then click the Password Protect Directories icon. Choose Web Root if you see a pop-up window, and then click Go
  3. Scroll down the folder list until you see the folder you previously password protected. If the folder is a sub-folder to another one, make sure that you click on the folder icon next to the folder name. If you click on the folder name, the interface will think you're setting protection on that folder. If you do this by accident, simply re-open the password protection interface to get back to the folder list.
  4. When you find the folder that has been password protected, click on the folder name to select it.
  5. Uncheck the box that says "Password protect this directory".
  6. Click on SAVE in order to save your entries.

If you have further questions or need further assistance please feel free to contact our support department.

Support Center Login

Our Login page has moved, Click the button below to be taken to the login page.

Social Media Login

   
Social Login Joomla

Related Questions

Here are a few questions related to this article that our customers have asked:
Utilizing WordPress on the development site before going Live
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
2017-02-02 7:27 pm
What cPanel directories can I safely password protect in the /home/user/ area of your account (not the public_html area)?

I don't use any of the packages (SQL, WordPress, etc.) and would prefer to lock them from access by hackers. Would that cause any problems with the operation of my domain?

And can I delete the /home/user/tmp subfolders/files as well? It seems to contain mostly mail-related files and I presume it would be recreated if needed?

I am moving from my old host because they don't seem to care about security and don't respond to tickets. They told me not to change "anything" above public_html, even after I was hacked due to them NOT enabling mod_userdir protection so I ended up with ~user/files in my public area (that's what I was told by specialists at Google Webmasters help/forum).

I would like to lock down access as much as possible except for the web pages we provide, particularly PHP as we don't use that either.
Staff
2,858 Points
2017-02-03 10:22 am
Geckohale, there is really no reason to password protect your cPanel or miscellaneous directories that are not in one of your web root directories. The .htaccess password protection only affects web-accessible files, and folders. There is no way of password protecting individual files or folders from command line access, apart from limiting access by user, which is already done.

As to removing the 'tmp' folder or other similar folders, we do not recommend removing the folder, but if you don't need the contents of the folder they should be safe to be removed. Some web applications and functions like WordPress depend on the 'tmp' directory, and will cause errors if the folder is missing, or has incorrect permissions.
n/a Points
2017-01-18 7:17 am

I am looking for a way to password protect the homepage for my members so that once logged in they are pretty much unrestricted where they can go as my website will be a valuable resource but for members only.

Regards,

 

Mark

 

Staff
13,791 Points
2017-01-18 9:01 am
I'd suggest looking for a membership plugin. What is your website built with?
n/a Points
2017-02-05 8:58 am

Yep - that was the way to go. The plugin works a treat. Many thanks.

n/a Points
2016-06-07 7:45 pm

Hi! We've just recently started uploading and testing our new site. The site will contain "publicly viewable pages" and "member only, login required pages." We've tried a program to handle the access, but have been very disappointed in it. So, my question is:

Is this possible to do through the CPanel? :

We'd like to make it so that when the visitor lands on a public page, they will need to login (either via a login box on the page or by virtue of trying to enter a member only page via the address bar) to get further into the "member area." Once they are in the member area, we'd like them to be able to go to any other protected member area without having to login each time they go to the new page.

If we protect each member page individually, will the member have to log in to every page individually? Is there a way to check if the member has already entered with the required login so that they can enter without logging into each page?

Hope that's clear :)

Thank you,

Linda

Staff
9,924 Points
2016-06-07 9:25 pm
If you password-protect a directory with the method provided in this article your members will have access to the files within the directory and not need to log in to view each file.
n/a Points
2017-05-06 1:41 pm

I'm responding to an "answer" from mid 2016 and now it is May 2017. The directions on this page DO NOT WORK. The cPanel in these instructions and my cPanel don't even look the same. All I am trying to do is make it so that a FEW people I give a password to will be able to get to my "under-construction" site to see how I'm doing with it. These instructions don't work because apparently they are not up to date. Please REWRITE these instructions. Thank you.

Staff
43,761 Points
2017-05-08 2:51 pm
I followed the instructions exactly as published on my server and it worked fine. The only difference is that the settings form appears on a new screen instead of a popup, but it was visually and functionally the same.
What specific step are you stuck on?
n/a Points
2016-05-17 8:51 am

Hay All,

I did same as shown in figures but when i am opening that page it does not shows any page and browser shows page not redirected properly.

I am using godaddy shared hosting.

I have seen lots of website for this solution but none i found helpfull for me all have same content and same solution.

kindly any one can give help

Staff
9,924 Points
2016-05-17 12:40 pm
Have you tried removing the password protection and adding it again? Are you getting an error that says page is not re-directing properly?
n/a Points
2016-03-25 11:19 am

My questions is from the other side.  I'm looking for a tool that will take a new user's subscripton info (ID/PW) and make the addition to then list so I don't ave to do it manually.  Any suggestons?

Staff
10,077 Points
2016-03-25 5:13 pm
Hello Scott,

There is no such tool at this time that does this. However a well versed developer may be able to perform this action.

Best Regards,
TJ Edens
n/a Points
2016-03-12 6:57 pm

Can I make lock whole website leaving just the home page.

I want  only homepage with email collector to be visible when the website is in beta phase.

Same time I want to create different pages on the website, but I need visitors and crawler not  to see it.

On the launch day,I want google as well visitors to see all data all together.

 

Hope I am clear :)

Staff
43,761 Points
2016-03-14 5:33 pm
You can restrict each file individually from the htaccess file. You would need the following code for each file:

<Files filename.ext>
Order Allow,Deny
Deny from all
</Files>
n/a Points
2015-11-07 2:03 am

In the middle of a work this error pops up. Due to a high number of failed login attempts, access to /administrator/index.php has been blocked by Mod Security.

I need help please

Staff
43,761 Points
2015-11-09 7:02 pm
Hello Lamin,

If you are using WordPress, you will want to check out our articles on protecting your WordPress admin login area.

Kindest Regards,
Scott M
n/a Points
2015-09-01 4:36 am

Good Day Folks!

I am wondering if there is a way to ask the user for login info (for the protected folder) if the user (pc) had been idle for some time.

Thanks!

Staff
10,077 Points
2015-09-02 12:14 am
Hello Maniyam,

There is no way to do this easily, not atleast with the password protect directories section to cPanel. Their logins are stored in the session are usually not cleared until the browser is re-opened/closed for a period of time.

Best Regards,
TJ Edens
n/a Points
2015-08-17 6:29 pm

Does this just affect directories/pages, or can a secondary layer of password protection be applied to htaccess?

Staff
43,761 Points
2015-08-17 7:15 pm
Hello John,

I'm not quite following. What specifically are you wanting to do?

Kindest Regards,
Scott M
n/a Points
2015-06-21 9:31 pm

Hi, I have done this and it does work a treat, However if i shut down the browser, clear the cache on exit and then go back to the website and try and access the protected area it does not prompt me again for the username and password.  Seems like either my browser or the website is remebering that i have already logged in once and is allowing access.

If there a way to clear this and get the webpage to ask for login everytime the protected files are accessed?

Thanks

Staff
30,264 Points
2015-06-22 4:12 pm
Hello Paul,

Thank you for contacting us. Yes, this is a browser setting, clearing the browser cache usually can correct this.

If it is still saving your login passwords after clearing the cache, it is most likely a setting to save passwords in your browser. The steps for clearing this will differ based on what browser you are not using.

For example, if you are using the Chrome browser, this guide explains how to delete a saved password in Chrome.

If you are using Chrome, let us know what browser you are using and we can provide more specific steps.

Thank you,
John-Paul
n/a Points
2015-05-30 8:35 am

I would like to ask about my subdomain. I wanted to protect my one subdomain because my default wordpress upload media folder is ia a subdomain, it has images, and other files. The images are used for the blogs, How can I protect the subdomain if someone is directly accessing it?

Staff
30,264 Points
2015-06-01 11:27 am
Hello Elvis,

Thank you for contacting us. We are happy to help, but it is not clear what you mean.

When you say "someone is directly accessing it" do you mean the images?

Thank you,
John-Paul
n/a Points
2015-04-18 8:04 am

Thanks you... very much...

 

Waqas Mehmood

n/a Points
2015-02-20 1:06 pm

Hi

I have another situation. I have an ftp. The ftp requires login. Inside the ftp there are folders. I want to give each folder password protection so a user can login to only the assigned folder. This would need to work with ftp clients and browser. Help is greatly appreciated!

Staff
10,077 Points
2015-02-20 3:05 pm
Hello Tom,

In order to do this you would need to create different logins for each folder you would like to protect. A FTP account only has access to its document root and any child folders beyond that.

Best Regards,
TJ Edens
n/a Points
2014-10-14 2:44 am

it shows like if the page does not exist, intead of asking for username and passwords

Staff
30,264 Points
2014-10-14 7:53 am
Hello joe,

Thank you for contacting us. I recommend checking the other rules in our .htaccess file, to make sure they are not interfering with the password protection.

We are happy to help, but will need some additional information.

Do other pages load?

Can you provide a link to the page that does not exist?

If you have any further questions, feel free to post them below.

Thank you,
John-Paul
n/a Points
2014-06-15 2:50 am

How long, if at all, for the changes to take affect and what causes the delays?

Staff
43,761 Points
2014-06-15 8:28 am
Hello Steve,

There should be no delays, it should take effect immediately. If you are not seeing it, be sure to clear your browser cache. That can sometimes be the cause of you not seeing the changes immediately.

Kindest Regards,
Scott M

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

37 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!