How To Create A Website Password Protected Folder

A Password Protected Folder is a normal folder, called members for example, that you create inside your public_html folder using a ftp client or your file manager control panel for example. That newly created folder then has a User Name & Password applied to it, by you, using the PASSWORD PROTECT DIRECTORIES (folders) security control panel. In this example I have already created a folder called members inside my public_html folder and I assume you know how to do this yourself. If not, read the section called How To Create A Folder With File Manager.

To begin this example login to your CPanel and then locate its security section where you should then see a link called PASSWORD PROTECT DIRECTORIES (folders). Click on it and a window with the title Password Protect Directories Directory Selection will appear (Fig 1.1) that allows you to choose which directory (folder hierarchy) to open. In this example just leave its WEB ROOT (PUBLIC_HTML/WWW) option selected and put a tick next to the option called SHOW HIDDEN FILES (DOTFILES) before clicking on the GO button. If you do not want to see the Password Protect Directories Directory Selection window again put a tick next to the option SKIP THIS QUESTION...

Fig 1.0 Click on the link (security control panel) called PASSWORD PROTECT DIRECTORIES to continue

Fig 1.1 Click on the GO button to continue

After clicking on the GO button you might see a message requester appear similar to the one below. It is saying that because the Microsoft Office FrontPage Extensions are installed on the server by default, by the web hosting provider, directory (folder) password protection will not work. These extensions allow you to interact with features of Microsoft Office FrontPage (an HTML Editor and Website Administration Tool from Microsoft). This basically means you must uninstall those frontpage extensions (see Uninstall FrontPage Extensions below) before you can use directory password protection. In this example I have uninstalled those frontpage extensions.

Fig 1.2 The FrontPage Extensions need to be uninstalled for password protection to work

Once the frontpage extensions have been uninstalled, clicking on the link (security control panel) called PASSWORD PROTECT DIRECTORIES again will bring up the Password Protect Directories Directory Selection window again but this time with slightly less options. Never mind that though. Just leave the WEB ROOT option selected and the SHOW HIDDEN FILES option ticked before clicking on the GO button - The same procedure as in Figures 1.0 to 1.1 above.

Fig 1.3 Click on the GO button to continue

Clicking on the GO button takes you to the Password Protect Directories area where you can choose which folder (directory) you want to password protect. To password protect the members folder, assuming you have created it, you must click on its link/name and not on its folder icon. Clicking on its folder icon will open it (go inside it) whereas clicking on its link/name will allow you to protect it.

Fig 1.4 Click on the link/name of the folder you want protecting

Fig 1.5 Set up a comment, tick the PASSWORD PROTECT THIS DIRECTORY option and then click on the SAVE button to continue

Before you can assign any User Names & Passwords to the folder you must first set up a description or comment for it such as Members Only, Please Enter Your Details, You Must Be Logged In To Be A Member or whatever. In this example I typed Members Only into the NAME OF PROTECTED DIRECTORY edit box, ticked the option called PASSWORD PROTECT THIS DIRECTORY and then clicked on the SAVE button to continue. Doing so automatically sets up the .htaccess file (protection file) for you - Each directory (folder) that is password protected has a file placed inside it that basically tells the server who is allowed access to this directory (folder). This file can be manually edited but it is best to add user names and passwords to it via this control panel.

Fig 1.6 Click on the GO BACK link to continue

After clicking on the SAVE button (Fig 1.5 above) you will get a confirmation that the folder was successfully password protected (Fig 1.6 above). However, at this time there are no Authorized Users who can access the password protected folder. Therefore, you now need to create user names and passwords for that folder. To do this you simply enter a user name into the USERNAME edit box, a password and confirmation password into their relevant PASSWORD edit boxes and then click on the ADD/MODIFY AUTHORIZED USER button to continue.

Fig 1.7 Fill in the USERNAME, PASSWORD and PASSWORD (AGAIN) edit boxes before clicking on the ADD/MODIFY AUTHORIZED USER button to continue.

Fig 1.8 The Authorized User, john, has been set up successfully - Click on the GO BACK link to continue

In Fig 1.7 above I have created a user name of JOHN and a password of PWORD_2009 (lowercase). Once created you will get the standard confirmation message (Fig 1.8 above). Clicking on the GO BACK link will display that newly created authorized user inside the AUTHORIZED USERS list box on the main window (Fig 1.9 below). If you later wish to delete an authorized user from the list simply select their name and then click on the DELETE USER button - To recreate that same user you will need to follow the above procedure again.

Fig 1.9 Select the authorized user you want to delete and then click on the DELETE USER button to do it

If you now go back to the PASSWORD PROTECT DIRECTORIES link (security control panel) and click on it you should see a PadLock icon next to the members directory (folder).

Fig 1.10 The members folder is now password protected, denoted by a PadLock icon.

All you need to do now is test the authorized user name & password out using your web browser. Type the path name (URL) of your password protected folder into your web browser's address bar edit box and then click on the GO button to continue. In this example I typed www.websitecreationhelp.com/members into internet explorer's address bar edit box. After this step a security message requester appears asking you to enter the Name & Password of the authorized user. I entered the name JOHN and the password PWORD_2009 (both lowercase). One thing you should notice on the message requester is the description or comment you made for this user (i.e. Members Only).

Fig 1.11 Enter the Name & Password of the Authorized User

With the correct details in place you should then see the index web page or content of your password protected folder in the display area of your web browser, provided you have put an index web page or content inside it of course. If you have not, all you will see is a Parent Directory link/notice. And if you enter the wrong details in the security message requester, 3 times, you will see the following 401 Error Message.

Fig 1.12 Oh dear!...Error 401. After 3 attempts at the user name and password this visitor was thrown out!

If you want to customize the 401 Error Message you can do with a text edit or html editor for example. Doing so will make you look more professional. Editing the 401 file is a small detail but often a small detail that is overlooked. Having a customized 401 error web page means you can put links inside it to your product(s) and/or service(s), make announcements and promote your website to an audience that might otherwise not exist. The above error message might not mean that much to a standard visitor, other than "I got an error", but the same web page with "Page could not be found - Please visit www.???.com for all your 'whatever' needs" could bring in visitors who would not normally of known about your website. Take the following scenario:

Someone has www.computermusic.com/albums and you own www.computermusik.com but had no albums folder inside it. A visitor typing www.computermusik.com/albums by mistake would be brought to your website and then be sent to your 401 Error Message web page. Why? Because although www.computermusik.com/ is valid, with albums on the end of the URL (path name) it is not valid - because the albums folder does not exist. And the same applies to general web pages and error 404. If you had a web page called about_me.htm, which no longer exists, visitors will be sent to your 404 Error Message web page. In which case you could put "Page does exist. Please see our new ??? web page, full of ??? products" on that 404 error message web page.

In Fig 1.2 I was explaining the FrontPage Extensions and that you need to uninstall them if you want to use the Password Protect Directories control panel. So below are brief instructions for deleting them.

Begin by locating and then clicking on the FRONTPAGE EXTENSIONS link, which could be classed as an Advanced control panel, to open FrontPage Extensions window (control panel). From there, click on the UNINSTALL EXTENSIONS button (Fig 2.1) to uninstall the extensions (Fig 2.2).

Fig 2.0 Click on the FRONTPAGE EXTENSIONS link to continue

Fig 2.1 Click on the UNINSTALL EXTENSIONS button to continue

Fig 2.2 The frontpage extensions have been removed (uninstalled)

Once the frontpage extensions have been removed (uninstalled) click on the GO BACK link (above) which will take you back to the uninstall window. Now though, the function buttons have changed. Before they were called REINSTALL EXTENSIONS and UNINSTALL EXTENSIONS respectively but are now called INSTALL EXTENSIONS and CLEANUP OLD EXTENSIONS respectively. Clicking on the CLEANUP OLD EXTENSIONS button cleans up (fixes or deletes) any old fragments (remainders) of the original (old) installation files.

Fig 2.3 Click on the CLEANUP OLD EXTENSIONS button to continue

Fig 2.4 Fragments (remainders) of the original (old) installation files have been cleaned up (fixed or erased)

Do not worry too much about the FrontPage Extensions in general because many people never use them simply because they consider Microsoft FrontPage too expensive (still around £50-£100 at this time) and find alternatives to using it (i.e. an HTML Editor, Dreamweaver and other tools) and because Microsoft FrontPage is now obsolete (discontinued).....superseded by Microsoft SharePoint Designer and Microsoft Expression Web (FrontPage's replacement).