H
10Corp Premium Hosting

How to Password Protect Directories

Last Updated: March 2026 2 min read

How to Password Protect Directories

Password protecting directories adds an extra layer of security by requiring a username and password before anyone can access files in that folder. This is useful for staging sites, admin areas, or private content.

Method 1: Using cPanel Directory Privacy

  1. Log into cPanel.
  2. Navigate to Files > Directory Privacy.
  3. Browse to the directory you want to protect and click its name.
  4. Check the box “Password protect this directory”.
  5. Enter a name for the protected directory (this appears in the login prompt).
  6. Click Save.
  7. Under Create User, enter a username and password.
  8. Click Add or modify the authorized user.

Now, when anyone tries to access that directory through a browser, they will be prompted for credentials.

Method 2: Using .htaccess and .htpasswd

For manual setup, you need two files:

Step 1: Create the .htpasswd file

The .htpasswd file stores encrypted usernames and passwords. Place it outside your public_html directory for security.

Generate an encrypted password using cPanel’s built-in generator or an online htpasswd generator, then create the file:

username:$apr1$xyz$encryptedPasswordHash

Recommended location: /home/username/.htpasswd

Step 2: Create or edit .htaccess

Add the following to the .htaccess file in the directory you want to protect:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/username/.htpasswd
Require valid-user

Protecting Specific Files

To protect a single file instead of an entire directory:

<Files "admin-config.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /home/username/.htpasswd
    Require valid-user
</Files>

Protecting wp-admin (WordPress)

To add an extra layer of security to your WordPress admin:

  1. Create a .htpasswd file as described above.
  2. Create or edit .htaccess in the wp-admin directory:
AuthType Basic
AuthName "WordPress Admin"
AuthUserFile /home/username/.htpasswd
Require valid-user

Note: You may need to add an exception for admin-ajax.php to avoid breaking front-end AJAX functionality:

<Files admin-ajax.php>
    Satisfy Any
    Order allow,deny
    Allow from all
    Require all granted
</Files>

Managing Multiple Users

Add additional users to the .htpasswd file, one per line:

user1:$apr1$xyz$hashedPassword1
user2:$apr1$abc$hashedPassword2

Tips

  • Store .htpasswd outside public_html to prevent direct download.
  • Use strong passwords for all authorized users.
  • Test access in an incognito/private browser window after setup.
  • Password protection works alongside (not instead of) other security measures.

Troubleshooting

  • Login prompt keeps appearing: Verify the .htpasswd file path is correct and the password hash is valid.
  • 500 Error: Check .htaccess syntax carefully.
  • Can’t access after setup: Verify the username and password, or temporarily remove the .htaccess rules to regain access.

For help with directory protection, contact 10Corp support.

Tags: hosting security password-protection htaccess cpanel
Back to Hosting All Categories

Still need help?

Our support team is available 24/7 to assist you.

Open a Ticket Live Chat