Knowledge Base
Save up to  70% off.  Start your website today!

How to Password Protect a Folder or File on Your Website Using .htaccess

When you have sensitive information on your computer, ensuring its security becomes a priority. Password protecting a folder is a straightforward method to keep your data safe from unauthorized access. In this guide, we'll walk you through the steps to password protect a folder.

Secure Website Folders or Files

When you set up password protect for a folder or individual files on your website, user authentication is required for you to gain access. With password-protected folders or files, you can restrict unauthorized access, thus protecting your data from hackers.

What You Need

You will need the following items to complete this walkthrough:

  • The username and password to your Bluehost account.
  • The path and name of the folder you want to protect with a password.

How to Access the Directory Privacy Tool

  1. Log in to your Bluehost Account Manager.
  2. Click Hosting on the left menu.
    Hosting tab
  3. Look for the Quick Links tile, then click the CPANEL button.
    CPANEL button under Quick Links
  4. Under the Files section, click the Directory Privacy link.
    Directory Privacy icon under Files

You have accessed the Directory Privacy Tool, where you can set password protect for specific directories of your account.

How to Password Protect a Website Folder

  1. Once you have accessed the Directory Privacy tool in cPanel, navigate the folder structure and select the directory you want. To open a folder and see its contents, click the folder.
  2. Click EDIT under the Actions column for the folder you want to set the Password Protect. Edit icons next to folders
  3. Tick the Password protect this directory box.
    check box for password protect and Save button
  4. Enter a name for the protected directory. This will appear whenever someone accesses the directory. Then, click the Save button.

How to Password Protect a Website File

When you Password Protect a directory, the system will place configurations into a file called '.htaccess.' This file will be located in the folder that you protected.

Note: For step-by-step instructions on accessing and editing files in File Manager, check out How to Navigate the File Manager.

In the .htaccess file will be statements such as the following:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
require valid-user

You will now need to modify the .htaccess file to apply the statements to a specific file. This is done with the following tags:

<Files [filename]></Files >

In this example, we will protect the file 'secure.html.' This is done by modifying the .htaccess statement as follows:

<Files secure.html>
  AuthType Basic
  AuthName "Restricted Area"
  AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
  require valid-user

This can also be used to protect multiple individual files in a directory. The method is very similar. However, this time, use Apache’s FilesMatch directive. This allows us to list as many files as needed:

<FilesMatch "(secure\.html)|(secure\.txt)">
  AuthType Basic
  AuthName "Restricted Area"
  AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
  Require valid-user

Note: To add files, include more instances of “|(filename\.ext).”

How to Create a User

Follow these steps to create authorized users for selected directories:

Note: The directory needs the correct permissions for you to be able to create a user for directories. If you cannot create a user, update the directory permissions to 0700 in File Manager.

  1. Type in the desired Username.
  2. Type in the new password and confirm it.
  3. Click Save.

You can update an existing user's password by entering the user's information and the new password. You can also delete an authorized user by clicking on Delete User.

The folder you selected will now require user authentication to gain access. Use the username and password you created to gain access.


It is crucial to password-protect your website folders or files to prevent unauthorized access to your data. To ensure the security of your website, you will need to access the Directory Privacy Tool in cPanel. This guide provides:

  • Step-by-step instructions on password-protecting a website folder or file.
  • Modifying the .htaccess file to apply the protection to a specific file.
  • Creating authorized users for selected directories.

By following these instructions, you can ensure that your website is safeguarded against any malicious intent.

If you need further assistance, feel free to contact us via Chat or Phone:

  • Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
  • Phone Support -
    • US: 888-401-4678
    • International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.

Did you find this article helpful?

* Your feedback is too short