How to protect a folder with Directory Privacy in cPanel

Category: cPanel

cPanel Directory Privacy lets you require a username and password before opening a specific folder on your site. It is useful for protecting a staging folder, private downloads, client files, or a section you do not want to publish yet.

This protection applies to the web path for that folder. Before you enable it, confirm that you are not blocking files your public site needs, such as images, CSS, or application assets.

Before you start

  • Have access to cPanel for the account where the domain is hosted.
  • Identify the exact folder you want to protect, for example public_html/staging or public_html/clients.
  • Decide which user will be allowed to enter and save a strong password in a secure password manager.
  • Test the change on a specific folder before protecting all of public_html.

Choose the correct folder

  1. Log in to cPanel and search for Directory Privacy. If your panel is localized, it may appear as Privacidad de directorios.
  2. Open the tool and browse the folder tree until you reach the path you want to protect.
  3. Click the folder name, not only the icon that expands subfolders.
  4. Confirm that the path matches the correct domain or subdomain before saving changes.

If you are unsure about the path, open File Manager in another tab and compare the folder with the URL you want to protect.

Enable folder protection

  1. Inside the selected folder, select the option to password protect it.
  2. Enter a visible name for the protected area; it can be something descriptive such as Private area or Site staging.
  3. Save the change and wait for the cPanel confirmation.
  4. Check whether cPanel says the protection also applies to subfolders, especially if there is public content inside that path.

The visible name may appear in the browser authentication window, so avoid using sensitive information.

Create the authorized user

  1. On the same Directory Privacy screen, find the section for creating users.
  2. Enter the username that will have access to the folder.
  3. Generate or paste a strong password and save it before you continue.
  4. Click Save, Guardar, or the equivalent button in your cPanel version.
  5. Confirm that the login appears in the list of authorized accounts for that folder.

If you need to give access to someone else, create a separate user. That lets you remove one access without changing the password for everyone.

Test access from the browser

  1. Open a private or incognito browser window.
  2. Visit the protected folder URL, for example https://yourdomain.com/staging/.
  3. Confirm that the browser asks for a username and password before showing the content.
  4. Enter the login you created and check that the folder loads correctly.
  5. Close the private window and open the URL again to confirm that you were not relying on a previous session.

If the site asks for a password on pages that should be public, you probably protected a folder higher than needed.

Common errors

  • The URL does not ask for a password: check that you protected the correct folder and test in a private window to rule out cache or saved credentials.
  • The password does not work: confirm the exact username, reset the password from Directory Privacy, and copy it again without extra spaces.
  • The public site looks broken: you blocked access to images, CSS, or scripts used by other pages; move those assets or protect a more specific subfolder.
  • Someone else can no longer enter: create an individual user for that person or reset only their password, without sharing one generic account.

Still need help?

If this guide didn’t solve your issue, our team can help you via ticket.

Open ticket Go to my account