How to Password Protect a Directory

General | Updated March 2026

You can password-protect any directory on your website so that visitors must enter a username and password to access it. This is useful for staging areas, private file downloads, admin sections, or client portals. cPanel has a built-in tool that makes it easy, no manual .htaccess editing required.

In This Guide
  1. Password Protect via cPanel
  2. Manual .htaccess Method
  3. Removing Password Protection
Quick Steps

cPanel > Directory Privacy

  • ✓ cPanel > Directory Privacy > select the folder
  • ✓ Check "Password protect this directory" and name it
  • ✓ Create a user with a username and password
  • ✓ Visitors now see a login prompt when accessing that folder

01. Password Protect via cPanel

  1. Log into cPanel > click Directory Privacy (in the Files section)
  2. Navigate to the directory you want to protect and click its name
  3. Check "Password protect this directory"
  4. Enter a name for the protected directory (this appears in the login prompt visitors see)
  5. Click Save
  6. Create an authorized user - enter a username and password, then click "Add or modify the authorized user"

You can add multiple users if several people need access. Each gets their own username and password.

Tip

Password protection works on any directory, including public_html itself (protects your entire site), subdirectories, or addon domain directories. The login prompt appears before any content is served, so even images and CSS in the protected directory are hidden.

02. Manual .htaccess Method

If you prefer manual control, create two files in the directory you want to protect:

.htaccess

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/yourusername/.htpasswds/public_html/protected/passwd
Require valid-user

.htpasswd

Generate the password hash using cPanel > Terminal:

htpasswd -c /home/yourusername/.htpasswds/public_html/protected/passwd username

The AuthUserFile path must be the full server path to the password file, not a relative path. Place the password file outside of public_html if possible so it can't be downloaded by visitors.

For more .htaccess techniques, see our Complete .htaccess Guide.

03. Removing Password Protection

To remove protection, go back to cPanel > Directory Privacy, navigate to the folder, and uncheck "Password protect this directory." Click Save. The directory is immediately public again.

If you used the manual method, delete the AuthType, AuthName, AuthUserFile, and Require lines from the .htaccess file.

Need Help With Access Control?

If you need more advanced access control (IP-based restrictions, single sign-on, etc.), open a ticket and describe your requirements.

Open a Support Ticket

Quick Recap

  1. cPanel > Directory Privacy - easiest method, no code needed
  2. Select directory, enable protection, create user - three steps
  3. Multiple users supported - each with their own credentials
  4. Works on any directory - including your entire site
  5. Remove by unchecking - in Directory Privacy settings

Last updated March 2026 · Browse all General articles

  • 444 Users Found This Useful

Was this answer helpful?

Related Articles

I have a reseller account. What can I use for billing software and automation?

General | Updated 2026 If you have a reseller hosting account with Ultra Web Hosting and need...

https:// with Weebly

Obsolete | 2026 This Article Is Outdated Weebly was acquired by Square in 2018 and is...

Point Multiple Domains to the Same Website

General | Updated 2026 If you want multiple domain names to show the same website, you can...

FTP Root Directory and Account Structure

FTP | Updated March 2026 If you're connected via FTP and cannot navigate above your home...

Error 508/503 - Resource Limit Reached

Errors & Troubleshooting | Updated March 2026 A 508 "Resource Limit Is Reached" or 503...



Save 30% on web hosting - Use coupon code Hosting30