Password-Protecting Directories

<h3>Setting Up .htpasswd Protection in DirectAdmin</h3> <p>Password-protecting a directory adds a layer of security by requiring a username and password before anyone can access the files in that folder. This is commonly used for staging sites, admin areas, or sensitive content.</p> <h3>Using DirectAdmin's Built-in Tool</h3> <ol> <li>Log in to DirectAdmin and navigate to <strong>Advanced Features &rarr; Password Protected Directories</strong> (sometimes listed under <strong>System Info &amp; Files</strong>).</li> <li>Click <strong>Add New Protected Directory</strong> or <strong>Protect a Directory</strong>.</li> <li>Browse and select the directory you want to protect, or type the path relative to your home directory (e.g., <code>/domains/example.com/public_html/admin</code>).</li> <li>Enter a <strong>username</strong> and <strong>password</strong> for accessing the directory.</li> <li>Optionally set a <strong>name</strong> for the protected area (this appears in the login prompt).</li> <li>Click <strong>Save</strong> or <strong>Protect</strong>.</li> </ol> <h3>Manual Setup via .htaccess and .htpasswd</h3> <p>You can also set this up manually using the File Manager or FTP.</p> <p><strong>Step 1:</strong> Create a <code>.htpasswd</code> file outside the web-accessible directory (e.g., in <code>/home/username/.htpasswd</code>):</p> <pre><code>username:$apr1$xyz$HashedPasswordHere</code></pre> <p>Generate the hashed password using the command line or an online htpasswd generator tool.</p> <p><strong>Step 2:</strong> Create or edit the <code>.htaccess</code> file inside the directory you want to protect:</p> <pre><code>AuthType Basic AuthName "Restricted Area" AuthUserFile /home/username/.htpasswd Require valid-user</code></pre> <div class="alert alert-info"><strong>Tip:</strong> Place the <code>.htpasswd</code> file outside your <code>public_html</code> directory so it cannot be downloaded by visitors. The <code>AuthUserFile</code> path must be the full absolute server path.</div> <h3>Managing Users</h3> <p>To add additional users, return to the Password Protected Directories section in DirectAdmin and add new username/password combinations. Each user will have their own credentials. To revoke access, simply remove the user entry.</p> <h3>Removing Protection</h3> <p>To remove password protection, go back to the protected directories list, select the directory, and click <strong>Remove Protection</strong>. This deletes the relevant <code>.htaccess</code> rules and <code>.htpasswd</code> entries.</p>