You can configure directories (folders) on your site so that they can only be accessed by entering a username and password. To do this:
- Log into cPanel for your domain and click “Password Protect Directories.”
- Click the name of the directory you want to protect (you can drill down into directories by clicking the folder icon next to its name; directory protection applies to a directory and all of its subdirectories).
- Go first to the bottom of the screen and enter a username/password that will have access to the directory (this need not be related to your system login). After the username has been created, click “Go Back.”
- Check the protection box and enter a label such as “Larry’s Space” or “Invoices” and click Save. The directory is now protected.
- You can add more usernames to the list at any time.
If you prefer, you can do this manually, from the shell, with the following non-cPanel instructions.
To password-protect some part of your web site, you’ll need to access your account over an SSH connection and create two files.
.htaccess – this tells the web server which username can get into a directory, and where to find an encrypted password file for that user, among other things.
.htpasswd – an encrypted password file. This should live outside of your public_html directory.
.htaccess can be created with a text editor such as vi or pico or emacs. “cd” to the directory you want protected, type (e.g.) “pico .htaccess” and paste in the following code:
AuthUserFile /home/username/.htpasswd AuthGroupFile /dev/null AuthName "Neverland" AuthType Basic
require user JohnDoe
Change “username” to your account name. Change “Neverland” to some other descriptor (this will appear in the browser’s authentication dialog as the “Realm” name) and change JohnDoe to the username you want to be able to log in to the directory. Save and exit the file (in pico, type Ctrl-O, [Return], Ctrl-X).
Now you’ll need to get out of your public_html directory and use the htpasswd command to generate an encrypted password file.
to return to your home directory.
htpasswd -c .htpasswd JohnDoe
replacing JohnDoe with the same user you put on the “require” line of the .htaccess file.
You’ll be prompted for a password. Enter the password you want JohnDoe to use to log in — NOT your account password! Confirm the entry by typing it again, and you’re done. All further attempts to access the directory via the web should cause an authentication dialog to be displayed. If it isn’t, retrace your steps – something went wrong.
There’s a lot more you can do .htaccess.