Step by Step Approach to Password Protect a Directory in cPanel

Sometimes it is necessary to protect a folder with a password. This adds an extra security layer for the files in that folder and may just help to further secure your website. You can add an extra layer of protection to files you don’t want the general public to have access to. Password protecting a directory can be easily accomplished using the option within cPanel. We will also provide you the instructions on how to remove the password protection after it has been added.

You will also want to read:

How to Create a MySQL Database, a User and Delete Database in Cpanel
How to Create a SubDomain in Cpanel
How to Create a Website/Domain Redirect in cPanel
How to force your website url with www or non-www using htaccess
How to optimize your website to use less server resources

It’s important to understand how password protection on a folder works. When you choose to password protect a directory in cPanel, cPanel creates a rule in your .htaccess file. This rule specifies that the folder is protected and the visitor will need to provide the proper username and password to log in and view the files.

Please keep in mind, when you grant access through password protection, you are not only granting access for that folder, but any subfolders located within it. Also, by password protecting a directory and gain access to any subfolders in that directory you must provide the login credentials to do so.

Steps to Password Protect a Directory

Log into cPanel
Find the icon under the Security heading and click on the Password Protect Directories icon

Select the directory you'd like to navigate to in the pop up window.

Now, select the directory you wish to password protect. Clicking a folder name will password protect that folder. If you want to password protect a subfolder, click on the folder icon next to it's name, then select your appropriate folder.

Once you have selected a folder to password protect a screen will appear with settings you'll need to configure. When finished save the settings and "new" user you create.

Now, when you visit the site in your web browser you'll be prompted with a login screen for that directory.

Also read:

How to Reset or Change to a New CPanel Password
How to Set Up and Delete a Cron Job
How to Setup Google Apps MX, CNAME and SPF records
How to upload files to a website
Overview of Quickinstall

How to Remove the password protection from a directory

The steps to remove password protection on a directory is a fairly quick and simple process. One reason you might want to password protect a directory and then remove the protection is for testing purposes. Or, if you are finally ready to make the folder open to the public, then you can remove the password protection so that everyone can access the files. The instructions for removing the protection are as follows:

Log into your cPanel
Scroll down to the Security section in the cPanel and then click the Password Protect Directories icon. Choose Web Root if you see a pop-up window, and then click Go
Scroll down the folder list until you see the folder you previously password protected. If the folder is a sub-folder to another one, make sure that you click on the folder icon next to the folder name. If you click on the folder name, the interface will think you're setting protection on that folder. If you do this by accident, simply re-open the password protection interface to get back to the folder list.
When you find the folder that has been password protected, click on the folder name to select it.
Uncheck the box that says "Password protect this directory".
Click on SAVE in order to save your entries.

Also read:

PHP Configuration in cPanel
How to Backup My Website in cPanel
The htaccess file and its uses


Password protection against attacks

To protect your password, ensure it doesn't have characteristics that make it easier for attackers to break. Don't use common words in the dictionary, easily repeated keystrokes like 123456 or qwerty, and try to use a mix of different character sets.

The longer and more complex you make your password, the better chance you'll have of never having to reset it. With how often there are large attacks against accounts these days, it's typically better to be safe than sorry.

Create strong passwords with length and character sets

When it comes to making a strong password, the longer the better, and using multiple character sets is best.

There are 94 characters used between lowercase, uppercase, 32 special characters, and 10 numbers.
Password length

If you create a simple password only using 5 characters from the 26 lowercase letters character set.

The math behind that is simply 26 * 26 * 26 * 26 * 26 or 26^5 giving you 11.8 Million possible passwords.

Add one extra character and 26 * 26 * 26 * 26 * 26 * 26 or 26^6 gives you 309 million possible passwords!
Password character sets

If we took our same 5 character password, and just added in uppercase letters as another character set.

We would now be multiplying by 26 lowercase + 26 upper case letters and have a possible 52 characters.

The math for that would be 52 * 52 * 52 * 52 * 52 or 52^5 giving you 380 Million possible passwords.

Adding special characters into the mix, and also numbers, then you have 94 characters.

So even with just 5 characters 94 * 94 * 94 * 94 * 94 or 94^5 gives you 7 Billion 339 Million passwords!

Generate strong passwords with cPanel

If you'd like to quickly generate a strong password in cPanel, you can easily do so following these steps:

Login to cPanel
click on change passwordUnder the Administration & Help section, click on Change Password
click on password generatorClick on Password Generator.
copy passwordNow highlight the generated password and hit Ctrl-C to copy it.

Come up with your own strong password

One common tactic for coming up with your own strong password is developing a long phrase that you'll never forget, and then use character substitutions to add extra complexity to it.


What is a Strong Password Policy

A password policy is a set of rules which were created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. Normally, a password policy is a part of the official regulations of an organization and might be employed as a section of the security awareness training.

Although most users understand the nature of security risks related to simple passwords, there’s still frustration when users are required to spend time attempting to create a password that meets an unfamiliar criteria or attempting to remember a previously created strong password.

Enforce Using Strong Passwords


Passwords are a first line of protection against any unauthorized access into your personal computer. The stronger the password, the higher level of protection your computer has from malicious software and hackers.

A strong password isn’t just about one password, it’s important that you guarantee strong passwords for each account that you access through your computer. When you are utilizing a corporate network, the network administrator may encourage you to use a strong password.

To be able to create a strong password, you should be aware of the criteria to create make one. These criteria basically include the following:
A strong password must be at least 8 characters long.
It should not contain any of your personal information—specifically your real name, user name, or even your company name.
It must be very unique from your previously used passwords.
It should not contain any word spelled completely.
It should contain characters from the four primary categories, including: uppercase letters, lowercase letters, numbers, and characters.

Educating Users to Manage Their Strong Passwords

Having a password like GT_=[HHred990nnb is VERY secure. It contains most every element of a strong password. But how many users will remember a password like this. Chances are that a strong password like this is written down on a piece of paper taped to the user’s monitor, underneath their keyboard, or sitting in top their desk drawer. It might be even hidden among the random items on the user’s desk.

User can instead relate their passwords to things they can easily remember, like a favorite sport or hobby. For instance, “I enjoy playing basketball” can be “IEnjoiPlay!ngB@$k3tb@ll11”. Secure and also easily remembered by users.

Password management software takes the hassle out of managing strong passwords. For less than the price of a soda, you can easily create and manage strong passwords. But the combinations are numerous and by just remembering one main strong password, you can rely on a password manager to take care of the rest.

Creating Strong Password Policy Best Practices

A password may follow the traditional guidelines yet still turn out to be a weak password. Users who can’t remember their strong passwords and end up writing them down or constantly having to reset their passwords undermine the benefits of a strong password policy.

Passwords are one piece of the security puzzle in the enterprise. Keeping user accounts secure takes a combination of a thorough process for strong password creation and an easy to use system for users to follow to keep those passwords safe.

  • 47 Users Found This Useful
Was this answer helpful?

Related Articles

I have a full backup of account through cPanel. How do I restore it?

It is recommended that you maintain healthy backup of your website and possibly download the...

How To Create, Edit, and Delete a File in cPanel Using File Manager

This tutorial will be useful for you to understand how to create a file, edit a file or delete...

How to Create and Manage a MySQL Database

Create MySQL Database and User via cPanel The MySQL Database Wizard is another useful tool...

How do I create and remove an Addon Domain?

An add-on domain is a separate domain name that you add to your web hosting subscription with...

How to Set Up and Delete a Cron Job

A cron job allows you to run a certain command at times set by the job. For example, you could...