How to Password Protect a Directory

General | Updated March 2026

You can password-protect any directory on your website so that visitors must enter a username and password to access it. This is useful for staging areas, private file downloads, admin sections, or client portals. cPanel has a built-in tool that makes it easy, no manual .htaccess editing required.

In This Guide
  1. Password Protect via cPanel
  2. Manual .htaccess Method
  3. Removing Password Protection
Quick Steps

cPanel > Directory Privacy

  • ✓ cPanel > Directory Privacy > select the folder
  • ✓ Check "Password protect this directory" and name it
  • ✓ Create a user with a username and password
  • ✓ Visitors now see a login prompt when accessing that folder

01. Password Protect via cPanel

  1. Log into cPanel > click Directory Privacy (in the Files section)
  2. Navigate to the directory you want to protect and click its name
  3. Check "Password protect this directory"
  4. Enter a name for the protected directory (this appears in the login prompt visitors see)
  5. Click Save
  6. Create an authorized user - enter a username and password, then click "Add or modify the authorized user"

You can add multiple users if several people need access. Each gets their own username and password.

Tip

Password protection works on any directory, including public_html itself (protects your entire site), subdirectories, or addon domain directories. The login prompt appears before any content is served, so even images and CSS in the protected directory are hidden.

02. Manual .htaccess Method

If you prefer manual control, create two files in the directory you want to protect:

.htaccess

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/yourusername/.htpasswds/public_html/protected/passwd
Require valid-user

.htpasswd

Generate the password hash using cPanel > Terminal:

htpasswd -c /home/yourusername/.htpasswds/public_html/protected/passwd username

The AuthUserFile path must be the full server path to the password file, not a relative path. Place the password file outside of public_html if possible so it can't be downloaded by visitors.

For more .htaccess techniques, see our Complete .htaccess Guide.

03. Removing Password Protection

To remove protection, go back to cPanel > Directory Privacy, navigate to the folder, and uncheck "Password protect this directory." Click Save. The directory is immediately public again.

If you used the manual method, delete the AuthType, AuthName, AuthUserFile, and Require lines from the .htaccess file.

Need Help With Access Control?

If you need more advanced access control (IP-based restrictions, single sign-on, etc.), open a ticket and describe your requirements.

Open a Support Ticket

Quick Recap

  1. cPanel > Directory Privacy - easiest method, no code needed
  2. Select directory, enable protection, create user - three steps
  3. Multiple users supported - each with their own credentials
  4. Works on any directory - including your entire site
  5. Remove by unchecking - in Directory Privacy settings

Last updated March 2026 · Browse all General articles

  • 444 Users Found This Useful

Was this answer helpful?

Related Articles

I am unable to delete a file

This can occur for several reasons. With our service, if a directory of a script was found to be...

I have a reseller account. What can I use for billing software and automation?

There are many great programs that work for both billing, domain and cpanel integration. Check...

Your connection to this server has been blocked at the firewall

Blocked by the Server Firewall   If you see the message "Your connection to this server has...

Convert PDF to HTML Service

Converting PDF to HTML   If you need to convert a PDF document to HTML for publishing on...

Whitelisting Our Support System Email Address

Whitelist Instructions Because we use often use html emails with http addresses in them, our...



Save 30% on web hosting - Use coupon code Hosting30