Can I password-protect a directory using the cPanel interface?

Question

Can I password-protect a directory using the cPanel interface?

Answer

You can password-protect a directory using the Directory Privacy feature in the cPanel interface. This feature uses .htaccess and htpasswd configurations to limit access to specific files and directories on your websites. This will also limit access to subdirectories within the password-protected directory.

When using the Directory Privacy feature to password-protect a directory, the following rules are added to the .htaccess file in the password-protected directory. (If the .htaccess file does not exist, the file will be created.)

AuthType Basic
AuthName "Example"
AuthUserFile "/home/$USER/.htpasswds/Path/To/ProtectedDirectory/passwd"
Require valid-user

Please note that .htaccess rules added by common Content Management Systems, such as WordPress or Joomla, may conflict with the .htaccess rules added by Directory Privacy.

- For LiteSpeed Web Servers, you should also note the following:

This may cause a 404 error when accessing the password-protected directory in a browser. Sometimes, using the Litespeed Web Server instead of Apache may incur issues if no error document exists. LiteSpeed also runs as nobody and requires user "nobody" group access to the .htpasswd paths. By default, this path is set to cPanel account username user and group ownership.

If this occurs, you can try creating a file named "401.html" in the document root of the Content Management System and add the following to the .htaccess file in the password-protected directory: ErrorDocument 401 /401.html

Example:

ErrorDocument 401 /401.html

AuthType Basic
AuthName "Example"
AuthUserFile "/home/$USER/.htpasswds/Path/To/ProtectedDirectory/passwd"
Require valid-user

Further information can be found in our documentation: 

Directory Privacy