How to Protect a Directory with a Password

You can password protect directories (folders) via the cPanel, protecting all the files within the password-protected folders.

Note: At this time, the cPanel can only protect directories, not individual files. Any file that needs protection can be placed in a protected directory. This also does not protect the directories that can be accessed locally or through FTP, SFTP, or Web Disk.

To password-protect a directory:

Log in to your cPanel.
Look for the Files section, then click on the Directory Privacy icon.
Locate the name of the directory you wish to password protect.
Click on your directory's Edit button.
Put a checkmark on Password protect this directory.
Enter a name for the selected directory. It is important to note that this serves as the label of that directory. It does not change the directory's actual name.
Click on the Save button.
A confirmation page will appear. Click Go Back.
You will then need to create a user who can access this directory.
Fill in the Username, New Password, and Confirm Password boxes. You can utilize the Password Generator button to generate a strong password.
Click the Save button.

How to check if the directory has been password protected?

Launch your browser and view the directory to ensure your directory has been password protected.

If the browser prompts you to log in, your folder has been password protected. This example shows the public_html (the domain name, example.com) has been accessed in a browser. When accessed, a pop-up box will show up.

Password Protect URL in Browser

You can enter the user and password you created earlier to access the directory.

404 error when using a URL with a shared server SSL

If you are accessing a password-protected directory with a URL that includes the use of a shared server SSL (https://securexxx.hostgator.com/~<user>/<whatever>) and receiving a 404 error, this is because Apache is looking for a 401 page and serving a 404 when it is not found.

To resolve this, add a single line to the .htaccess file in the protected directory to give Apache the 401 pages it is looking for (ErrorDocument 401 Authorization Required).

For information on how to add this line to your .haccess file, please read:

How to Edit Your .htaccess File

Example

In the following code, please be sure to replace yourusername with your actual cPanel username, and also be sure the gator123 is replaced with your actual server number. This information can be found in your Welcome Email and on the left navigation menu in your cPanel.

Before fix:

[[email protected] /home/yourusername/www/home]# more .htaccess.old

AuthType Basic
AuthName "home"
AuthUserFile "/home/yourusername/.htpasswds/public_html/home/passwd"
require valid-user

After fix:

[[email protected] /home/yourusername/www/home]# more .htaccess

AuthType Basic
AuthName "home"
AuthUserFile "/home/yourusername/.htpasswds/public_html/home/passwd"
require valid-user
ErrorDocument 401 "Authorization Required"

500 error after login

Check the folder ownership on the .htpasswds folder (above public_html). Change them from user.user to user. Ensure the permissions are set to 750 and refresh your protected page. The error will be gone.

Shared and Reseller customers will need HostGator's help to change any file's ownership. Please contact us via phone or chat to make this change.

Account Type	Total Free Transfers	Full cPanel Transfers	Max. Manual Transfers
?Shared	1	1²	1
?Reseller	30	30²	30
?VPS	Unlimited¹	Unlimited²	10 per VPS level
?Dedicated (Basic)	Unlimited¹	Unlimited²	75
?Dedicated (Standard, Elite, Pro)	Unlimited¹	Unlimited²	100