How to password-protect a directory

This guide shows you how to password-protect any directory on your HOSTDOG hosting account using the built-in tool in your control panel. You can also set it up manually via .htaccess and .htpasswd files if you prefer more control.

Prerequisites

An active HOSTDOG hosting account
Access to your hosting control panel
The directory you want to protect must already exist on your hosting account

Method 1: Using the control panel

The simplest way to password-protect a directory is through the built-in tool in your hosting control panel.

Step 1:

Log in to your control panel

Navigate to the HOSTDOG homepage and click the Log in button in the top right corner. Once in the Client Area, go to Services, select your hosting plan, and click Log in to Control Panel.

Step 2:

Open Directory Privacy

In your control panel, find the Security section and click Directory Privacy. This displays the directory tree of your hosting account.

Step 3:

Select the directory

Navigate through the folder tree and click on the directory you want to protect. This could be any folder — for example, /public_html/staging or /public_html/admin.

Step 4:

Enable password protection

Check the box labelled Password protect this directory. Enter a name for the protected area — this label appears in the authentication prompt that visitors see. Click Save.

Step 5:

Create an authorised user

After saving, scroll down to the Create User section. Enter a username and a strong password, then click Save. You can create multiple users if several people need access to the protected directory.

Tip: Use a unique username and password for directory protection — do not reuse your control panel or email credentials.

Method 2: Using .htaccess manually

For more control, you can set up directory protection manually using .htaccess and .htpasswd files.

Create the .htpasswd file

First, create a .htpasswd file in a location outside your web root (e.g. /home/username/.htpasswd) so it is not accessible from the web. You can generate an encrypted password entry using an online htpasswd generator or via SSH:

htpasswd -c /home/username/.htpasswd myuser

The -c flag creates a new file. To add additional users to an existing file, omit the -c flag.

Create the .htaccess file

In the directory you want to protect, create or edit the .htaccess file with the following content:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/username/.htpasswd
Require valid-user

Replace /home/username/.htpasswd with the actual path to your .htpasswd file.

Important: Always store the .htpasswd file outside public_html to prevent it from being downloaded by visitors.

Remove password protection

To remove the protection:

Via control panel: Go back to Directory Privacy, select the directory, and uncheck Password protect this directory.
Manually: Delete or comment out the authentication directives in the .htaccess file in that directory.

Frequently asked questions

Does password protection work with HTTPS?

Yes. Password protection works with both HTTP and HTTPS. However, you should always use HTTPS (which is included free with your HOSTDOG hosting) to ensure the username and password are encrypted in transit. Without HTTPS, credentials are sent in plain text.

Can I protect my WordPress admin area this way?

Yes. Password-protecting the /wp-admin directory adds an extra layer of security on top of the WordPress login. However, you may need to add an exception for admin-ajax.php if your theme or plugins use AJAX on the front end. Contact support if you need help setting this up.

Can I protect individual files instead of a whole directory?

Yes, but only via the manual .htaccess method. Use a <Files> directive to target specific files. The control panel tool protects entire directories only.