HOW TO: Password Protect Files and Directories in cPanel
Posted by Asilah A. on 02 November 2022 05:57 PM
How to Password Protect Directories in cPanel
1. Login to cPanel account > Go to Files Section > Click on Directory Privacy.
2. Once there, you may pick up the directory you wish to protect.
In Security Settings section give a name to the protected directory and check-mark Password protect this directory option:
In Create User section specify the username and the password that should be used to access this directory:
In our example we've set protection for subdomain “google” directory, so that when following https://google.prtsrc.xyz link, the following authentication pop-up window comes up:
How to Password Protect Files in cPanel
1. Navigate to /home/user in your File Manager:
2. Make sure that Show Hidden Files (dotfiles) option is enabled in Settings menu:
3. Create a file named .htpasswd and place it above your root directory, so visitors cannot access it.
Example of the root directory pathway for shared accounts: /home/cpanelusername/.htpasswd
4. Create an encrypted password using htpasswd generator. It doesn't matter how many individual files you wish to protect, they can all share a common .htpasswd file:
5. Right click on .htpasswd file and select the Edit option:
6. Place the generated .htpasswd code into .htpasswd file and click on Save Changes button:
7. Navigate to the directory where the file that you would like to password protect is stored.
8. Right click on .htaccess file and select the Edit option:
9. Insert the following code into .htaccess file:
10. NOTE: replace examplefile.extension with your actual file's name and cpanelusername with your actual cPanel username
WordPress and Password Protected Files
WordPress can have some minor conflicts with password protecting files due to the changes in its default .htaccess rules.
NOTE: make sure that you have created a backup of your .htaccess file before making any changes to it. Thus, you will be able to revert back to a previous version if needed.
Edit .htaccess file in the folder for your WordPress installation and remove the line of code shown in bold below:
Replace this line:
RewriteRule . /index.php [L]
with this new one:
RewriteRule ./ /index.php [L]
After that add the code needed for password protection. The final version should look like this:
And save the changes.
Below you can see the example of our .htaccess file code:
2. Reset Permalinks
You will also need to re-generate WordPress permalinks to make sure that they have the new URL structure.
You can do it in your WordPress admin panel >> Settings >> Permalinks menu.
then revert everything back.