1. bluehost knowledge base

Password Protect a Folder or File on your Website


What You Need

You will need the following items to complete this walkthrough.

  • The username and password to your Bluehost account.
  • The path and name of the folder you want to protect with a password.

Access The Password Protect Directories Tool


  1. Log in to your Bluehost account.
  2. On the left side menu option, click Advanced.
  3. Under the Files section, click on Directory Privacy.


  1. Log in to your Bluehost control panel.
  2. Make sure you are on the cPanel tab at the top of your account.
  3. Scroll down to the Security group of icons and click on Directory Password.

Protecting a Directory

  1. Navigate the folder structure and select the directory you want.
    NOTE: To open a folder and see its contents click the folder. To select a folder for password protection click on the folder name.
  2. Choose the Password protect this directory option.
  3. Enter the name for the directory, this will appear whenever someone access the directory.
  4. Click Save.

Protecting a File

When you Password Protect a directory, the system will place configurations into a file called '.htaccess'. This file will be located in the folder that you protected.

In the .htaccess file will be statements such as the following:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
require valid-user

    You will now need to modify the .htaccess file so that it applies the statements to a specific file. This is done with the following tags:

    <Files [filename]></Files >

      In this example, we will protect the file 'secure.html'. This is done by modifying the .htaccess statement as follows:

      <Files secure.html>
        AuthType Basic
        AuthName "Restricted Area"
        AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
        require valid-user

        This can also be used to protect multiple individual files in directory, the method is very similar, however this time use Apache’s FilesMatch directive. This allows us to list as many files as needed:

        <FilesMatch "(secure\.html)|(secure\.txt)">
          AuthType Basic
          AuthName "Restricted Area"
          AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
          Require valid-user

          Note: To add files, include more instances of “|(filename\.ext)”.

          Adding A User

          1. On the Password Directories page, scroll down and under Create user, add a username in the the username box.
          2. In the password boxes type the password you would like the user to have.
          3. Click the Add or Modify The Authorized User button.

          The folder you selected will now require a username and password to gain access. You can use the username and password you created to gain access.