As a WordPress user, you often have to create files and folders on your web server for various reasons. You may want to create a cookie on your local machine to exclude your own visits from analytics, or you want to run sundry scripts to determine and modify configurations, or whatever. In all these cases, you want to access these files from the web but don’t want unauthorized users messing around with them. Many browsers like Chrome just list the contents of a directory and it can be trivial for some random person to access content they don’t have any business working with. If you have a hosting plan with cPanel, here’s how to password protect a folder on your website. These users are distinct from your hosting or database users. You can give them out to those who need access without worrying about compromising security.
Accessing Password Protection via cPanel
For purposes of demonstration, I’ve created a test folder that we’re going to password protect from scratch. I’ve placed it in the root WordPress directory using FTP.
Log into your hosting account and navigate to the cPanel interface. Scrolling down, you will find a tab called “Security” and a folder called “Directory Password” as shown below:
When you click this option, you will be prompted to select the folder in which you want to open the browser. Select the relevant one and hit “Go”
Next, just drill down to the folder you want to protect. Open folders by clicking the icon next to them and select the one you finally want to protect by clicking its name
Creating Folders and Usernames
Now it’s time to set up access. There are two parts to this. First, we have to name the directory we want to protect. This is completely different from the folder’s actual name and has no bearing on it. Give it a name that’s informative and which will make sense to an authorized user. Go ahead and hit “Save”. Once that’s done, we can now create the users.
As seen in the screenshot above, you can go ahead and create as many users as you want specific to this particular directory. Any other folder will have a different set of usernames and passwords allowing you to implement extremely fine grained control over various parts of your hosting. You can also use the inbuilt password generator to conveniently create strong passwords for your folders.
Accessing your Folders via HTTP
Once all that is done, go ahead and try and access the folder via the web browser. If all goes well, you should receive a pop up similar to the one shown below depending on whether you’re using Chrome, Firefox, or Internet Explorer:
Remember that this protection is only available for access using the HTTP protocol. This will not be able to create a wall in front of those who already have FTP privileges. Also, you cannot control access to individual files – only folders. There are ways to do the same with files as well, but that’s a more advanced functionality and necessitates the use of .htaccess file manipulation. That’s for another day!
Password protecting a folder using cPanel recursively does the same for all other subfolders underneath it. The ease of use and flexibility makes it an ideal tool for those who need to have easy access to all kinds of sensitive documents on their hosted directory from the browser and want to keep them safe from prying eyes as well.