How to Password Protect a Directory

General | Updated March 2026

You can password-protect any directory on your website so that visitors must enter a username and password to access it. This is useful for staging areas, private file downloads, admin sections, or client portals. cPanel has a built-in tool that makes it easy, no manual .htaccess editing required.

In This Guide
  1. Password Protect via cPanel
  2. Manual .htaccess Method
  3. Removing Password Protection
Quick Steps

cPanel > Directory Privacy

  • ✓ cPanel > Directory Privacy > select the folder
  • ✓ Check "Password protect this directory" and name it
  • ✓ Create a user with a username and password
  • ✓ Visitors now see a login prompt when accessing that folder

01. Password Protect via cPanel

  1. Log into cPanel > click Directory Privacy (in the Files section)
  2. Navigate to the directory you want to protect and click its name
  3. Check "Password protect this directory"
  4. Enter a name for the protected directory (this appears in the login prompt visitors see)
  5. Click Save
  6. Create an authorized user - enter a username and password, then click "Add or modify the authorized user"

You can add multiple users if several people need access. Each gets their own username and password.

Tip

Password protection works on any directory, including public_html itself (protects your entire site), subdirectories, or addon domain directories. The login prompt appears before any content is served, so even images and CSS in the protected directory are hidden.

02. Manual .htaccess Method

If you prefer manual control, create two files in the directory you want to protect:

.htaccess

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/yourusername/.htpasswds/public_html/protected/passwd
Require valid-user

.htpasswd

Generate the password hash using cPanel > Terminal:

htpasswd -c /home/yourusername/.htpasswds/public_html/protected/passwd username

The AuthUserFile path must be the full server path to the password file, not a relative path. Place the password file outside of public_html if possible so it can't be downloaded by visitors.

For more .htaccess techniques, see our Complete .htaccess Guide.

03. Removing Password Protection

To remove protection, go back to cPanel > Directory Privacy, navigate to the folder, and uncheck "Password protect this directory." Click Save. The directory is immediately public again.

If you used the manual method, delete the AuthType, AuthName, AuthUserFile, and Require lines from the .htaccess file.

Need Help With Access Control?

If you need more advanced access control (IP-based restrictions, single sign-on, etc.), open a ticket and describe your requirements.

Open a Support Ticket

Quick Recap

  1. cPanel > Directory Privacy - easiest method, no code needed
  2. Select directory, enable protection, create user - three steps
  3. Multiple users supported - each with their own credentials
  4. Works on any directory - including your entire site
  5. Remove by unchecking - in Directory Privacy settings

Last updated March 2026 · Browse all General articles

  • 444 Users Found This Useful

Was this answer helpful?

Related Articles

Firewall and Security Protection

General | Updated March 2026 Every server in our hosting fleet is protected by multiple...

Whitelisting Our Support System Email Address

Email | Updated 2026 If you are not receiving emails from Ultra Web Hosting (support ticket...

How to Request a Server Module Installation

General | Updated March 2026 If you need a PHP extension, Perl module, or other server-side...

Error 401 Unauthorized

Errors & Troubleshooting | Updated March 2026 A 401 Unauthorized error means the server...

Is it possible to make a cron to backup my database at specific times?

Hosting Control Panel | Updated March 2026 Yes, you can schedule automatic database backups...



Save 30% on web hosting - Use coupon code Hosting30