The cPanel Directory Privacy tool allows you to protect specific folders of our account using the htaccess password protection. By enabling this type of protection, when someone tries to access a file inside the password-protected folder, they will first have to enter the login credentials.
To protect a folder, cPanel creates, or modifies if it is already present, two files: .htaccess and .htpasswd so that to limit access to website files. Let's see how to implement the function from the control panel.
Table of Contents
Protect a folder
The cPanel Privacy directory feature modifies the htaccess and htpasswd files to regulate access to the website files to users with credentials only (i.e. username and password). Let's see how to set up htaccess password protection on your website.
Keep in mind that the function protects the website from front-end access, while users who have access via FTP will not have to authenticate to access the files.
First, login to cPanel and then click on the Directory Privacy in the Files section.
After opening this tool, you will find yourself in front of your account's folder list.
By clicking on the name of a folder, you will be able to see the folders inside it.
To return to the previous level, just click on the Up One Level button as shown on this screen.
After navigating to the folder you are interested in protecting, you can enable htaccess password protection. To do this, click on the Edit button corresponding to the folder you want to protect.
To enable protection, you must first check the box next to Password protect this directory.
By doing so, in the "Enter a name for the protected directory" field, cPanel will generate a name for the protected folder like: "Protected'path_folder'".
You can change the folder name. This name will appear when you access the website, plus you will be prompted for credentials after clicking on the Save button.
If the operation is successful, you will see a success message like this.
Click on the Go Back button to return to the previous screen.
From this section, you can create a user who will be able to access the protected folder.
Create the user
After activating folder protection with the htaccess password, you will need to create a new user who can access it.
To do this, just fill in the fields with username, new password, and confirm password.
The system analyzes the password and lets you proceed only if the password strength reaches the minimum threshold of 60.
Make sure your password is not easy to find, try including numbers, upper and lower case letters, and special characters.
You can also click the Password Generator button to create a random password. By opening the Advanced Options of the integrated tool to generate the password, you can choose the parameters to use:
- lowercase only, uppercase or both
- adding numbers or symbols, or all of them.
Make sure you save the password in a safe place, check the box "I have copied this password in a safe place", and click on Use password to proceed.
You will receive a success message like this, showing you that the password has been set correctly.
This way, we created the credentials that will allow us to access the protected folder.
Click on Go Back again to return to the previous screen.
Access the secure folder
After creating the user, when connecting to the protected folder with the htaccess password method, you will see a box like this:
To proceed, simply enter the Username and Password of the user you have just created and click on Sign in.
Manage authorized users
After creating at least one user who has access to the password-protected folder, you will see a new box appear under the "Create user" section.
In this section, "Authorized users" you will see the list of all users who have access to this specific folder.
Add a new user
To add a new user, just repeat the steps we saw in the section "Create the user".
Change password for a user
If you want to change the password of one of the users in the list, simply enter their username in the "Create user" section and reset the password.
If, for example, after creating a user with username "User2", you want to change the password, you will have to fill in the fields as follows:
New Password and Confirm Password: enter the new password.
Remove access to a user
The "Authorized users" section also allows us to delete the users created. To do this, just select the user you want to delete, simply clicking on the username from the list and then clicking on the Delete user button.
A success message will inform you that the user has been removed.
Disable folder protection
When accessing the Directory Privacy tool from cPanel, you can see which folders in your account are password protected and which are not.
Password-protected folders will show a padlock in the "Private" column, as shown in this screenshot.
To disable the htaccess password protection of a folder, click on Edit.
After that, we uncheck the box next to Password protect this directory and click on Save.
A notice like this will confirm that the operation was successful.