To password protect a directory:
- Log into your cPanel and click on the Password Protect Directories icon found under Security.
- Choose Web Root (you may also need to select Show Hidden Files)
- Click on the name of the directory that you wish to password protect.
- Check the box for Password protect this directory.
- Fill in Name the protected directory field. This will be the message shown to visitors when they try to login and can be anything you like.
- Click on the Save button below.
- Click Go Back.
- Fill in a Username and Password at the bottom of the page, and click Add/modify authorized user.
To ensure your directory has been password protected, launch your browser and view the directory. If the browser prompts you to login, then your folder has been password protected.
404 Error When Using a URL with a Shared Server SSL
If you are accessing a password protected directory with a URL that includes the use of a shared server SSL (https://securexxx.digicom.com/~<user>/<whatever>) and receiving a
404 error, this is because Apache is looking for a 401 page and serving a 404 when it is not found.
To resolve this, add a single line to the .htaccess file in the protected directory, to give Apache the 401 page it is looking for (ErrorDocument 401 "Authorization Required").
For information on how to add this line to your .haccess file, please read:
Example
In the following code, please be sure to replace yourusername with your actual cPanel username, and also be sure the digicom114 is replaced with your actual server number. This information can be found in your welcome email as well as on the left navigation menu in your cPanel.
Before Fix:
AuthName "home"
AuthUserFile "/home/yourusername/.htpasswds/public_html/home/passwd"
require valid-user
After Fix:
AuthName "home"
AuthUserFile "/home/yourusername/.htpasswds/public_html/home/passwd"
require valid-user
ErrorDocument 401 "Authorization Required"
500 Error After Login
Check the folder ownership on the .htpasswds folder (above public_html). Change them from user.user to user.nobody and ensure the permissions are set to 750 and then refresh your protected page. The error will be gone.