Htaccess password: protect website folders

The cPanel Directory Privacy tool allows you to protect specific folders of our account using the htaccess password protection. By enabling this type of protection, when someone tries to access a file inside the password-protected folder, they will first have to enter the login credentials.

To protect a folder, cPanel creates, or modifies if it is already present, two files: .htaccess and .htpasswd so that to limit access to website files. Let’s see how to implement the function from the control panel.

Protect a folder

The cPanel Privacy directory feature modifies the htaccess and htpasswd files to regulate access to the website files to users with credentials only (i.e. username and password). Let’s see how to set up htaccess password protection on your website.

Keep in mind that the function protects the website from front-end access, while users who have access via FTP will not have to authenticate to access the files.

First, login to cPanel and then click on the Directory Privacy in the Files section.

Cpanel Files Directory Privacy

After opening this tool, you will find yourself in front of your account’s folder list.

By clicking on the name of a folder, you will be able to see the folders inside it.

To return to the previous level, just click on the Up One Level button as shown on this screen.

Directory Privacy Up One Level

After navigating to the folder you are interested in protecting, you can enable htaccess password protection. To do this, click on the Edit button corresponding to the folder you want to protect.

Directory Privacy Edit

To enable protection, you must first check the box next to Password protect this directory.

By doing so, in the “Enter a name for the protected directory” field, cPanel will generate a name for the protected folder like: “Protected’path_folder’“.

Password Protect This Directory

You can change the folder name. This name will appear when you access the website, plus you will be prompted for credentials after clicking on the Save button.

Protected Directory

If the operation is successful, you will see a success message like this.

Directory Privacy Success

Click on the Go Back button to return to the previous screen.

Directory Privacy Go Back

From this section, you can create a user who will be able to access the protected folder.

Create the user

After activating folder protection with the htaccess password, you will need to create a new user who can access it.

To do this, just fill in the fields with username, new password, and confirm password.

Directory Privacy Create User

The system analyzes the password and lets you proceed only if the password strength reaches the minimum threshold of 60.

Directory Privacy Create User Very Weak Password

Make sure your password is not easy to find, try including numbers, upper and lower case letters, and special characters.

You can also click the Password Generator button to create a random password. By opening the Advanced Options of the integrated tool to generate the password, you can choose the parameters to use:

  • lowercase only, uppercase or both
  • adding numbers or symbols, or all of them.

Make sure you save the password in a safe place, check the box “I have copied this password in a safe place“, and click on Use password to proceed.

Password Generator Cpanel

You will receive a success message like this, showing you that the password has been set correctly.

Directory Privacy Succesfully Set Password

This way, we created the credentials that will allow us to access the protected folder.

Click on Go Back again to return to the previous screen.

Directory Privacy Succesfully Set Password Go Back

Access the secure folder

After creating the user, when connecting to the protected folder with the htaccess password method, you will see a box like this:

Directory Privacy Sign In

To proceed, simply enter the Username and Password of the user you have just created and click on Sign in.

Manage authorized users

After creating at least one user who has access to the password-protected folder, you will see a new box appear under the “Create user” section.

In this section, “Authorized users” you will see the list of all users who have access to this specific folder.

Authorized Users

Add a new user

To add a new user, just repeat the steps we saw in the section “Create the user”.

Change password for a user

If you want to change the password of one of the users in the list, simply enter their username in the “Create user” section and reset the password.

If, for example, after creating a user with username “User2”, you want to change the password, you will have to fill in the fields as follows:

Username: User2

New Password and Confirm Password: enter the new password.

Directory Privacy Change User Password

Remove access to a user

The “Authorized users” section also allows us to delete the users created. To do this, just select the user you want to delete, simply clicking on the username from the list and then clicking on the Delete user button.

Directory Privacy Delete User

A success message will inform you that the user has been removed.

Directory Privacy User Removed

Disable folder protection

When accessing the Directory Privacy tool from cPanel, you can see which folders in your account are password protected and which are not.

Password-protected folders will show a padlock in the “Private” column, as shown in this screenshot.

Directory Privacy List

To disable the htaccess password protection of a folder, click on Edit.

Disable Directory Privacy

After that, we uncheck the box next to Password protect this directory and click on Save.

Disable Directory Privacy Steps

A notice like this will confirm that the operation was successful.

Directory Privacy Disabled

Try one of our hosting plans for free and without obligation for 14 days. No payment information required!