How to protect directories from unauthorized access in cPanel
John Mwaniki / Updated on 07 Jul 2024When you publish your website, some website visitors(mostly with malicious intent) may try to access website folders/directories that they are not supposed to.
You can protect your folders from unauthorized access in two ways in cpanel:
1. Directory Privacy
This option allows you to set a password for the directory you want to protect.
When a user attempts to access the protected directory through a browser, they will be prompted to enter a username and password in order to view its contents.
Step 1: Click on Directory Privacy under Files section.
Step 2: Click on the folder names or their icons to navigate through to your desired destination folder.
Step 3: Once you can see the folder you want to protect in the list, click on its "Edit" button in the Actions column. You will be redirected to the page below. Check/tick on "Password protect this directory". Then enter the name of the protected directory that you would like displayed on the prompt to enter the password when being accessed. Then click “Save”.
You will see a success message like the one shown below. Click "Back" to return to the directory privacy page.
Step 4: Scroll down to the "Create User" section. Write your preferred username and password for the directory and click “Save”. You need to use a strong password. You can do so through help of the password generator.
After saving you should see a success message as below.
If someone tries to access the protected directory by typing its URL in the address bar, they will be prompted to provide a username and password as shown below.
Once you sign in with the correct credentials, then you will be granted permission to access the file in the protected directory as shown below.
To undo the directory protection, click on “Directory Privacy” under the Files section. Then scroll down to the “Authorized Users” section and delete users.
The other way to undo it is by unchecking the "Password protect this directory" checkbox then clicking "Save".
2. Indexes
The Index Manager allows you to customize the way a directory will be viewed on the web. It enables you to deny access to particular directory.
Step 1: Click on “Indexes” under the Advanced section.
Step 2: Click on the folder names or their icons to navigate through to your desired destination folder.
Step 3: Once you can see the folder you want to protect in the list, click on its "Edit" button in the Actions column. Choose “No Indexing” and click “Save” to deny access to it.
If anyone tries to access this directory by typing its URL on the address bar, they will see a 403 Forbidden error message meaning they don’t have adequate permission to access it.
If you have created a 403 error page, they will see it eg for our case as below.
Bonus Points
Quick alternative ways to protect your directories include:
i). Creating a file in the folder you want to protect, name it .htaccess. In it, write this one line as below inside it:
Options -Indexes
It is the easiest way to do no indexing.
ii). Redirect the directory to the home page or to any page of your choice. Simply create an index file of your server-side language and place it in the folder. In it, write a redirect code. Each time someone tries to access the directory, they get redirected to your chosen destination and won’t be able to view the files in that directory. See below a PHP file named index.php.
<?php
header("Location: https://www.webdevsplanet.com");
Conclusion
Security is very crucial when it comes to the development and maintenance of a website. It is important to protect directories that contain any sensitive files or any which you do not want its content to be accessed by the public. In this article, we have covered in detail how you can protect your directories from unauthorized access.