Skip to main content
Directory Privacy lets you add password protection to any folder on your hosting account. When someone tries to access a protected directory through a web browser, they’re prompted for a username and password before they can view the content. This is useful for staging sites, admin areas, or any content you want to restrict to specific people.
This feature only protects browser (HTTP/HTTPS) access. It does not restrict access through FTP, SFTP, or other file transfer methods. For FTP access controls, see FTP accounts.

Set up password protection

1

Open Directory Privacy

Log in to cPanel through your client area or at yourdomain.com/cpanel. Go to Files and click Directory Privacy.
2

Select the directory

Browse the folder list and click Edit next to the directory you want to protect. To protect a subdirectory, click the parent folder first to expand it, then click Edit next to the subdirectory.
3

Enable protection

Check the Password protect this directory box. Enter a label for the directory (this is just a display name, not the actual folder name). Click Save.
4

Create an authorized user

Enter a username and password for the user who should have access. Click Save.
Anyone visiting the protected directory in a browser will now see a login prompt. Only users you’ve created can access the content.

Manage authorized users

To see all users for a protected directory, go back to Directory Privacy, click Edit next to the directory, and scroll to the Authorized Users section.
  • Change a password — Enter the existing username with a new password and click Save.
  • Remove a user — Select the user and click Delete User.

Remove password protection

Go to Directory Privacy, click Edit next to the directory, and uncheck Password protect this directory. Click Save. The directory will be publicly accessible again.
Subdirectories inherit password protection from their parent. If you protect public_html/staging, everything inside it is also protected without setting it up separately.