How to Password Protect a Directory

General | Updated March 2026

You can password-protect any directory on your website so that visitors must enter a username and password to access it. This is useful for staging areas, private file downloads, admin sections, or client portals. cPanel has a built-in tool that makes it easy, no manual .htaccess editing required.

In This Guide
  1. Password Protect via cPanel
  2. Manual .htaccess Method
  3. Removing Password Protection
Quick Steps

cPanel > Directory Privacy

  • ✓ cPanel > Directory Privacy > select the folder
  • ✓ Check "Password protect this directory" and name it
  • ✓ Create a user with a username and password
  • ✓ Visitors now see a login prompt when accessing that folder

01. Password Protect via cPanel

  1. Log into cPanel > click Directory Privacy (in the Files section)
  2. Navigate to the directory you want to protect and click its name
  3. Check "Password protect this directory"
  4. Enter a name for the protected directory (this appears in the login prompt visitors see)
  5. Click Save
  6. Create an authorized user - enter a username and password, then click "Add or modify the authorized user"

You can add multiple users if several people need access. Each gets their own username and password.

Tip

Password protection works on any directory, including public_html itself (protects your entire site), subdirectories, or addon domain directories. The login prompt appears before any content is served, so even images and CSS in the protected directory are hidden.

02. Manual .htaccess Method

If you prefer manual control, create two files in the directory you want to protect:

.htaccess

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/yourusername/.htpasswds/public_html/protected/passwd
Require valid-user

.htpasswd

Generate the password hash using cPanel > Terminal:

htpasswd -c /home/yourusername/.htpasswds/public_html/protected/passwd username

The AuthUserFile path must be the full server path to the password file, not a relative path. Place the password file outside of public_html if possible so it can't be downloaded by visitors.

For more .htaccess techniques, see our Complete .htaccess Guide.

03. Removing Password Protection

To remove protection, go back to cPanel > Directory Privacy, navigate to the folder, and uncheck "Password protect this directory." Click Save. The directory is immediately public again.

If you used the manual method, delete the AuthType, AuthName, AuthUserFile, and Require lines from the .htaccess file.

Need Help With Access Control?

If you need more advanced access control (IP-based restrictions, single sign-on, etc.), open a ticket and describe your requirements.

Open a Support Ticket

Quick Recap

  1. cPanel > Directory Privacy - easiest method, no code needed
  2. Select directory, enable protection, create user - three steps
  3. Multiple users supported - each with their own credentials
  4. Works on any directory - including your entire site
  5. Remove by unchecking - in Directory Privacy settings

Last updated March 2026 · Browse all General articles

  • 444 Users Found This Useful

Was this answer helpful?

Related Articles

I have a reseller account. What can I use for billing software and automation?

There are many great programs that work for both billing, domain and cpanel integration. Check...

How to Request a Server Module Installation

General | Updated March 2026 If you need a PHP extension, Perl module, or other server-side...

Heartbleed Vulnerablity, Risk and Fix

The Heartbleed bug (http://en.wikipedia.org/wiki/Heartbleed_bug) is a serious vulnerability which...

Do you have a firewall?

Firewall and Security Protection   Yes, every server in our hosting fleet is protected by...

How to Pass Variables Between HTML Pages

General | Updated March 2026 Plain HTML files cannot pass variables between pages on their...



Save 30% on web hosting - Use coupon code Hosting30