InMotion Hosting Support Center

In this Tutorial:

At times, you may find it best practice to password protect a folder on your account. This can add an extra layer of protection to files you do not want the general public to have access to. Password protecting a directory can be easily accomplished using the option within cPanel. In this guide, you can learn how to add and remove password protection on a directory, using cPanel.

How Does Password Protection Work?

It is important to understand how password protection on a folder works. When you choose to password protect a directory in cPanel, cPanel creates a rule in your .htaccess file. This rule specifies that the folder is protected and the visitor will need to provide the proper username and password to log in and view the files within it.

Add Password Protection

  1. Log into cPanel.

  2. Click on this image to enlarge screenshot

    Go to the Files section and click on the Directory Privacy icon.

  3. Click on this image to enlarge screenshot

    Select the directory you want to password protect and then you will see the Set permissions for "/home/exampl3/directory/" screen appear.

  4. Click on the checkbox labeled "Password protect this directory:".

  5. Click on the image to enlarge screenshot.

    Type a name for the folder you are trying to protect in the field labeled "Enter a name for the protected directory:".

  6. Click on the image to enlarge screenshot.

    Click the Save button to save the name you have entered for the directory and option to password protect the directory.

  7. Create a user to grant access to the protected directory by typing the credentials into the Username, New Password and Confirm Password fields.

  8. Click on the image to enlarge screenshot.

    Click Save in order to save the credentials that you have entered.

Remove Password Protection

The steps to remove password protection on a directory are fairly quick and simple. One reason you might want to password protect a directory and then remove the protection is for testing purposes. Or, if you are finally ready to make the folder open to the public, then you can remove the password protection so that everyone can access the files in the directory. The instructions below are the steps for removing the password protection.

  1. Log into your cPanel.

  2. Scroll down to the Files section in your cPanel and then click the Directory Privacy icon.

  3. Select the directory from the list of folders that you want to remove password protection for. The directory should appear with a lock in front of it if it is currently password protected.

  4. Uncheck the box that says "Password protect this directory".

  5. Finally, click the Save button.

If you have further questions or need further assistance please feel free to contact our Live Technical Support.

Was this article helpful?

Related Questions

Here are a few questions related to this article that our customers have asked:
Utilizing WordPress on the development site before going Live
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Forum Login

You are NOT logged in. You can still browse our Support Center.

To participate within our Community Support Forum:

n/a Points
2018-01-23 1:13 pm

I would like to protect two different subdirectories - one called member and one called trial and connect both of them to one Login box on the main page of directory. Is this possible to do?

11,043 Points
2018-01-23 2:33 pm
If I understand your query accurately, I don't think you can accomplish that with this method, but you might be able to shorthand it by using the same username and password. Unless, you don't want these directories to have the same credentials.

The best way, or a more substantial way, of doing what you need would be coding. For example, you could use conditional PHP statements to redirect users to either member or trial sections.
n/a Points
2017-02-08 10:18 am

I had to remove the password in wp-admin because of Wordfence but would like to keep the rest of the folders secured such as wp-themes and content. Would this be affected by the admin password removal?

43,761 Points
2017-02-08 12:18 pm
I cannot say for sure as I have never tried that, but it is worth setting up in those folders to test it. You can always delete them if they cause an issue.
2017-02-02 7:27 pm
What cPanel directories can I safely password protect in the /home/user/ area of your account (not the public_html area)?

I don't use any of the packages (SQL, WordPress, etc.) and would prefer to lock them from access by hackers. Would that cause any problems with the operation of my domain?

And can I delete the /home/user/tmp subfolders/files as well? It seems to contain mostly mail-related files and I presume it would be recreated if needed?

I am moving from my old host because they don't seem to care about security and don't respond to tickets. They told me not to change "anything" above public_html, even after I was hacked due to them NOT enabling mod_userdir protection so I ended up with ~user/files in my public area (that's what I was told by specialists at Google Webmasters help/forum).

I would like to lock down access as much as possible except for the web pages we provide, particularly PHP as we don't use that either.
2,858 Points
2017-02-03 10:22 am
Geckohale, there is really no reason to password protect your cPanel or miscellaneous directories that are not in one of your web root directories. The .htaccess password protection only affects web-accessible files, and folders. There is no way of password protecting individual files or folders from command line access, apart from limiting access by user, which is already done.

As to removing the 'tmp' folder or other similar folders, we do not recommend removing the folder, but if you don't need the contents of the folder they should be safe to be removed. Some web applications and functions like WordPress depend on the 'tmp' directory, and will cause errors if the folder is missing, or has incorrect permissions.
n/a Points
2017-01-18 7:17 am

I am looking for a way to password protect the homepage for my members so that once logged in they are pretty much unrestricted where they can go as my website will be a valuable resource but for members only.





13,821 Points
2017-01-18 9:01 am
I'd suggest looking for a membership plugin. What is your website built with?
n/a Points
2017-02-05 8:58 am

Yep - that was the way to go. The plugin works a treat. Many thanks.

n/a Points
2016-06-07 7:45 pm

Hi! We've just recently started uploading and testing our new site. The site will contain "publicly viewable pages" and "member only, login required pages." We've tried a program to handle the access, but have been very disappointed in it. So, my question is:

Is this possible to do through the CPanel? :

We'd like to make it so that when the visitor lands on a public page, they will need to login (either via a login box on the page or by virtue of trying to enter a member only page via the address bar) to get further into the "member area." Once they are in the member area, we'd like them to be able to go to any other protected member area without having to login each time they go to the new page.

If we protect each member page individually, will the member have to log in to every page individually? Is there a way to check if the member has already entered with the required login so that they can enter without logging into each page?

Hope that's clear :)

Thank you,


11,043 Points
2016-06-07 9:25 pm
If you password-protect a directory with the method provided in this article your members will have access to the files within the directory and not need to log in to view each file.
n/a Points
2017-05-06 1:41 pm

I'm responding to an "answer" from mid 2016 and now it is May 2017. The directions on this page DO NOT WORK. The cPanel in these instructions and my cPanel don't even look the same. All I am trying to do is make it so that a FEW people I give a password to will be able to get to my "under-construction" site to see how I'm doing with it. These instructions don't work because apparently they are not up to date. Please REWRITE these instructions. Thank you.

43,761 Points
2017-05-08 2:51 pm
I followed the instructions exactly as published on my server and it worked fine. The only difference is that the settings form appears on a new screen instead of a popup, but it was visually and functionally the same.
What specific step are you stuck on?
n/a Points
2016-05-17 8:51 am

Hay All,

I did same as shown in figures but when i am opening that page it does not shows any page and browser shows page not redirected properly.

I am using godaddy shared hosting.

I have seen lots of website for this solution but none i found helpfull for me all have same content and same solution.

kindly any one can give help

11,043 Points
2016-05-17 12:40 pm
Have you tried removing the password protection and adding it again? Are you getting an error that says page is not re-directing properly?
n/a Points
2016-03-25 11:19 am

My questions is from the other side.  I'm looking for a tool that will take a new user's subscripton info (ID/PW) and make the addition to then list so I don't ave to do it manually.  Any suggestons?

10,077 Points
2016-03-25 5:13 pm
Hello Scott,

There is no such tool at this time that does this. However a well versed developer may be able to perform this action.

Best Regards,
TJ Edens
n/a Points
2016-03-12 6:57 pm

Can I make lock whole website leaving just the home page.

I want  only homepage with email collector to be visible when the website is in beta phase.

Same time I want to create different pages on the website, but I need visitors and crawler not  to see it.

On the launch day,I want google as well visitors to see all data all together.


Hope I am clear :)

43,761 Points
2016-03-14 5:33 pm
You can restrict each file individually from the htaccess file. You would need the following code for each file:

<Files filename.ext>
Order Allow,Deny
Deny from all
n/a Points
2015-11-07 2:03 am

In the middle of a work this error pops up. Due to a high number of failed login attempts, access to /administrator/index.php has been blocked by Mod Security.

I need help please

43,761 Points
2015-11-09 7:02 pm
Hello Lamin,

If you are using WordPress, you will want to check out our articles on protecting your WordPress admin login area.

Kindest Regards,
Scott M
n/a Points
2015-09-01 4:36 am

Good Day Folks!

I am wondering if there is a way to ask the user for login info (for the protected folder) if the user (pc) had been idle for some time.


10,077 Points
2015-09-02 12:14 am
Hello Maniyam,

There is no way to do this easily, not atleast with the password protect directories section to cPanel. Their logins are stored in the session are usually not cleared until the browser is re-opened/closed for a period of time.

Best Regards,
TJ Edens
n/a Points
2015-08-17 6:29 pm

Does this just affect directories/pages, or can a secondary layer of password protection be applied to htaccess?

43,761 Points
2015-08-17 7:15 pm
Hello John,

I'm not quite following. What specifically are you wanting to do?

Kindest Regards,
Scott M
n/a Points
2015-06-21 9:31 pm

Hi, I have done this and it does work a treat, However if i shut down the browser, clear the cache on exit and then go back to the website and try and access the protected area it does not prompt me again for the username and password.  Seems like either my browser or the website is remebering that i have already logged in once and is allowing access.

If there a way to clear this and get the webpage to ask for login everytime the protected files are accessed?


31,595 Points
2015-06-22 4:12 pm
Hello Paul,

Thank you for contacting us. Yes, this is a browser setting, clearing the browser cache usually can correct this.

If it is still saving your login passwords after clearing the cache, it is most likely a setting to save passwords in your browser. The steps for clearing this will differ based on what browser you are not using.

For example, if you are using the Chrome browser, this guide explains how to delete a saved password in Chrome.

If you are using Chrome, let us know what browser you are using and we can provide more specific steps.

Thank you,
n/a Points
2018-01-22 1:43 am

A follow up to Paul's question. I see the same action - after logging in once the user can keep direclty accessing the page without having to log in again.

I would like the login to expire so they have to log in again when they next try to access the page. I understand there is a bit of a logic problem in this. ie: How to define when the user is RE-accessing the page vs. just accessing it?

In any event, might there be a way to keep a user from being able to continually access a page once they have logged in once short of changing that user's access?


1,173 Points
2018-01-22 12:23 pm
You can modify your theme's functions .php file to add a custom session expiration time to have them login more frequently, however, there is no way within WordPress to define when a page is being re-accessed, Generally when any user is interacting with a page there are going to be many javascript or jquery calls back to other scripts on the site and WordPress would have no way to differentiate between the site being re-accessed or just someone interacting with the page. You can find more info about how to adjust the timeouts here.
n/a Points
2015-05-30 8:35 am

I would like to ask about my subdomain. I wanted to protect my one subdomain because my default wordpress upload media folder is ia a subdomain, it has images, and other files. The images are used for the blogs, How can I protect the subdomain if someone is directly accessing it?

31,595 Points
2015-06-01 11:27 am
Hello Elvis,

Thank you for contacting us. We are happy to help, but it is not clear what you mean.

When you say "someone is directly accessing it" do you mean the images?

Thank you,
n/a Points
2015-04-18 8:04 am

Thanks you... very much...


Waqas Mehmood

n/a Points
2015-02-20 1:06 pm


I have another situation. I have an ftp. The ftp requires login. Inside the ftp there are folders. I want to give each folder password protection so a user can login to only the assigned folder. This would need to work with ftp clients and browser. Help is greatly appreciated!

10,077 Points
2015-02-20 3:05 pm
Hello Tom,

In order to do this you would need to create different logins for each folder you would like to protect. A FTP account only has access to its document root and any child folders beyond that.

Best Regards,
TJ Edens
n/a Points
2014-10-14 2:44 am

it shows like if the page does not exist, intead of asking for username and passwords

31,595 Points
2014-10-14 7:53 am
Hello joe,

Thank you for contacting us. I recommend checking the other rules in our .htaccess file, to make sure they are not interfering with the password protection.

We are happy to help, but will need some additional information.

Do other pages load?

Can you provide a link to the page that does not exist?

If you have any further questions, feel free to post them below.

Thank you,
n/a Points
2014-06-15 2:50 am

How long, if at all, for the changes to take affect and what causes the delays?

43,761 Points
2014-06-15 8:28 am
Hello Steve,

There should be no delays, it should take effect immediately. If you are not seeing it, be sure to clear your browser cache. That can sometimes be the cause of you not seeing the changes immediately.

Kindest Regards,
Scott M

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

45 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!