How to Password Protect a Directory

General | Updated March 2026

You can password-protect any directory on your website so that visitors must enter a username and password to access it. This is useful for staging areas, private file downloads, admin sections, or client portals. cPanel has a built-in tool that makes it easy, with no manual .htaccess editing required.

01. Password Protect via cPanel

  1. Log into cPanel > click Directory Privacy (in the Files section)
  2. Navigate to the directory you want to protect and click its name
  3. Check "Password protect this directory"
  4. Enter a name for the protected directory (this appears in the login prompt visitors see)
  5. Click Save
  6. Create an authorized user - enter a username and password, then click "Add or modify the authorized user"

You can add multiple users if several people need access. Each gets their own username and password.

Tip

Password protection works on any directory, including public_html itself (protects your entire site), subdirectories, or addon domain directories. The login prompt appears before any content is served, so even images and CSS in the protected directory are hidden.

02. Manual .htaccess Method

If you prefer manual control, create two files: an .htaccess file in the directory you want to protect, and a password file (.htpasswd) that it references:

.htaccess

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/yourusername/.htpasswds/public_html/protected/passwd
Require valid-user

.htpasswd

Generate the password hash using cPanel > Terminal:

htpasswd -c /home/yourusername/.htpasswds/public_html/protected/passwd username

The AuthUserFile path must be the full server path to the password file, not a relative path. Place the password file outside of public_html if possible so it can't be downloaded by visitors.
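One way to check a manual setup against the two requirements above (full server path, password file outside public_html). This is an added example, not part of the original article; the function name audit_basic_auth and its checks are this example's own, and it assumes a POSIX shell with realpath available.

```bash
#!/bin/sh
# Added example: audit the manual .htaccess setup described above.
# Usage: sh audit_basic_auth.sh /home/yourusername/public_html/protected/.htaccess /home/yourusername/public_html

audit_basic_auth() {
    local htaccess="$1" docroot="$2" pwfile d bad problems=0

    # The four directives the manual method relies on must all be present.
    for d in AuthType AuthName AuthUserFile Require; do
        if ! grep -qiE "^[[:space:]]*$d[[:space:]]+[^[:space:]]" "$htaccess"; then
            echo "FAIL: missing $d directive"
            problems=$((problems + 1))
        fi
    done

    # Take the AuthUserFile argument (first match, surrounding quotes stripped).
    pwfile=$(awk 'tolower($1) == "authuserfile" {
        $1 = ""; sub(/^ +/, ""); gsub(/"/, ""); print; exit }' "$htaccess")
    case "$pwfile" in
        /*) ;;
        *)  echo "FAIL: AuthUserFile is not a full server path: '$pwfile'"
            return $((problems + 1)) ;;
    esac
    if [ ! -f "$pwfile" ]; then
        echo "FAIL: password file not found: $pwfile"
        return $((problems + 1))
    fi

    # A password file under the document root can be requested by visitors.
    case "$(realpath "$pwfile")" in
        "$(realpath "$docroot")"/*)
            echo "FAIL: password file is inside the document root"
            problems=$((problems + 1)) ;;
    esac

    # Each line must be user:hash; blank or malformed lines suggest a damaged file.
    bad=$(grep -cvE '^[^:[:space:]]+:.+$' "$pwfile" || true)
    if [ "$bad" -gt 0 ]; then
        echo "FAIL: $bad malformed line(s) in $pwfile"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: $(grep -c . "$pwfile") user(s), password file outside document root"
    return "$problems"
}

# Run the audit when both paths are given on the command line.
if [ "$#" -ge 2 ]; then audit_basic_auth "$1" "$2"; fi
```

To add further users to the same password file, run htpasswd without -c, since -c creates the file anew and discards existing entries.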

For more .htaccess techniques, see our Complete .htaccess Guide.

03. Removing Password Protection

To remove protection, go back to cPanel > Directory Privacy, navigate to the folder, and uncheck "Password protect this directory." Click Save. The directory is immediately public again.

If you used the manual method, delete the AuthType, AuthName, AuthUserFile, and Require lines from the .htaccess file.

Need Help With Access Control?

If you need more advanced access control (IP-based restrictions, single sign-on, etc.), open a ticket and describe your requirements.


Quick Recap

  1. cPanel > Directory Privacy - easiest method, no code needed
  2. Select directory, enable protection, create user - three steps
  3. Multiple users supported - each with their own credentials
  4. Works on any directory - including your entire site
  5. Remove by unchecking - in Directory Privacy settings
