Directories can be password protected via cPanel. This secures all the files within the password-protected folders.
Note: The cPanel can only protect directories and not individual files. Any file that needs to be protected can be located in a protected directory. Moreover, it does not protect the directories that are accessible locally or through FTP, SFTP, or Web Disk.
Steps to Protect a Directory with the help of a Password
1. Login to your cPanel account.
2. Navigate to the Files section and click on Directory Privacy.
3. Click on the directory that you want to protect.
4. You will be redirected to a page “Set permissions for “/home/idigitalcamp/public_html”.
5. Tick the option Password protect this directory as in the above screenshot.
6. Under Security Settings type the name for the selected directory in the Enter a name for the protected directory field. Note that this is the label of that directory. It doesn’t change the actual name of the directory.
7. Next, click on the Save button.
8. A confirmation page will get displayed. Here, click on Go Back.
9. Then you need to create a user that can access this directory. For this under Create User, fill in the Username, New Password, and Confirm Password fields. The Password Generator button will help you to generate a strong password.
10. Then click the Save button.
11. Lastly, click on Go Back.
12. To check if your directory has been password protected, go to your browser and browse the directory. If the browser asks you to log in, then your folder has been password protected. In this example, the public_html (the domain name, example.com) has been accessed in a browser. When anyone accesses it, a pop-up box will get displayed as below:
Note: Enter the username and password created in the previous step to access the directory.
Getting a 404 Error When Browsing a URL With a Shared Server SSL
Suppose you are accessing a password-protected directory with a URL containing the use of a shared server SSL (https://securexxx.milesweb.co.uk/~/) and getting a 404 error, it is because Apache is searching for a 401 page and displaying a 404 when it is not found.
The solution to this error is to add a single line to the .htaccess file in the protected directory, so that Apache gets the 401 pages it is looking for (ErrorDocument 401 Authorization Required).
Example
In the below code, ensure to replace yourusername with your actual cPanel username, and also ensure the example123 is replaced with your actual server number. You will get this information in your Welcome Email as well as on the left navigation menu in your cPanel.
Before Fix:
[root@example123 /home/yourusername/www/home]# more .htaccess.old AuthType Basic AuthName "home" AuthUserFile "/home/yourusername/.htpasswds/public_html/home/passwd" require valid-user
After Fix:
[root@example123 /home/yourusername/www/home]# more .htaccess AuthType Basic AuthName "home" AuthUserFile "/home/yourusername/.htpasswds/public_html/home/passwd" require valid-user ErrorDocument 401 "Authorization Required"
Getting 500 Error After Login
Check the ownership on the .htpasswds folder (above public_html). Change it from user.user to user.nobody and check if the permissions are set to 750 and then refresh your protected page. The error will be resolved.
In this way, you can easily protect a directory with a password.
