Password Protect a Folder or File on your Website | Bluehost Support
  1. bluehost knowledge base

Password Protect a Folder or File on your Website

What You Need

You will need the following items to complete this walkthrough:

  • The username and password to your Bluehost account.
  • The path and name of the folder you want to protect with a password.

Access The Password Protect Directories Tool


  1. Log in to your Bluehost account.
  2. On the left side menu option, click Advanced.
  3. Under the Files section, click on Directory Privacy.


  1. Log in to your Bluehost control panel.
  2. Make sure you are on the cPanel tab at the top of your account.
  3. Scroll down to the Security group of icons and click on Directory Password.

Protecting a Directory

  1. Navigate the folder structure and select the directory you want.

    NOTE: To open a folder and see its contents click the folder. To select a folder for password protection, click on the folder name.

  2. Choose the Password protect this directory option.
  3. Enter the name for the directory; this will appear whenever someone accesses the directory.
  4. Click Save.

Protecting a File

When you Password Protect a directory, the system will place configurations into a file called '.htaccess.' This file will be located in the folder that you protected.

In the .htaccess file will be statements such as the following:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
require valid-user

You will now need to modify the .htaccess file to apply the statements to a specific file. This is done with the following tags:

<Files [filename]></Files >

In this example, we will protect the file 'secure.html.' This is done by modifying the .htaccess statement as follows:

<Files secure.html>
  AuthType Basic
  AuthName "Restricted Area"
  AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
  require valid-user

This can also be used to protect multiple individual files in a directory. The method is very similar. However, this time use Apache’s FilesMatch directive. This allows us to list as many files as needed:

<FilesMatch "(secure\.html)|(secure\.txt)">
  AuthType Basic
  AuthName "Restricted Area"
  AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
  Require valid-user

Note: To add files, include more instances of “|(filename\.ext).”

Adding A User

  1. On the Password Directories page, scroll down and until you see Create user. Add a username in the provided text box.
  2. In the password boxes, type the password you would like the user to have.
  3. Click the Add or Modify The Authorized User button.

The folder you selected will now require a username and password to gain access. You can use the username and password you created to gain access.

If you need further assistance, feel free to contact us via Chat or Phone:

  • Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
  • Phone Support -
    • US: 888-401-4678
    • International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.