The web host accessible to all
Hébergement Mutualisé LWS Linux et formule domaine 10 Avril 2026 Créé par 1mn de lecture

How do you protect access to a directory on your web hosting?

Sommaire

Procédure

Objective

This documentation guides you step-by-step through securing access to a specific directory on your web hosting using password protection. There are two ways to do this:

  • Method 1: Using the LWS Panel, which automatically generates the necessary files.
  • Method 2: Manual creation of .htaccess and .htpasswd files if you prefer to manage the configuration yourself.

Why protect a directory?

Protecting a directory with a password is essential when you have sensitive or private information that you only want certain people to have access to. This can be useful for directories containing administrative files, documents reserved for a team or confidential data. This protection ensures that only authorised people can access these files.

Important details

  • The root directory (htdocs): It is important to note that the root directory cannot be protected using the LWS Panel's simplified method. This method does not allow you to protect your site's root directory. If you wish to protect this directory, you will need to use the manual method by creating and configuring the .htaccess and .htpasswd files directly.
  • Propagation of protection to subdirectories: When you protect a directory, this protection is automatically applied to all the subdirectories and files contained in this directory. This means that if you add protection to a folder, all pages and resources within that folder will also be password protected. If you wish to exclude certain sub-directories from protection, this requires specific configuration in the .htaccess file.

Prerequisites

  • Web hosting managed by the LWS Panel (excluding domain package).
  • Access to your LWS Panel or the ability to manipulate files on your hosting via FTP or a file manager.
  • A username and password that you want to assign to access the protected directory.

Method 1: Protection via the LWS Panel

Step 1: Access the LWS Panel

  1. Log in to your LWS customer area.
  2. Select the domain for which you want to add protection.
  3. In the "Files" section, click on "Folder protection".
    How do you protect access to a directory on your web hosting?

Step 2: Fill in the protection form

  1. Enter a username and password. This information will be used to access the protected directory.
    How do you protect access to a directory on your web hosting?
  2. Specify the directory to be protected (4) to finish, (with the exception of the root directory).

Step 3: Activate protection

  1. click on the validate button (5)
  2. Once the form has been validated, the LWS Panel automatically generates the necessary files: .htaccess and .htpasswd are created and placed in the directory to be protected. Do not delete them, otherwise the directory will no longer be secure.
  3. Password protection is activated immediately. From then on, anyone trying to access the directory will have to enter the username and password that have been set.

Method 2: Manual protection via .htaccess and .htpasswd files

If you prefer to manage the password protection configuration yourself, you can create the .htaccess and .htpasswd files manually. Here's how to do it, step by step.

Step 1: Create the .htpasswd file

The .htpasswd file contains the credentials (username and password) used to access the protected directory. This file must be placed in a secure location, out of reach of visitors to your site.

  1. Connect to your file manager via the LWS Panel or use an FTP client such as FileZilla.
  2. Go to the directory where you wish to store the .htpasswd file. IMPORTANT: It is recommended that you do not place it in the directory you want to protect. You can create a private folder at the root of your site, such as private/, to put this file in.
  3. Create a file called .htpasswd in this directory.

  4. Add a username and password to this file in the form :

    username:password

    Example: If you want the user to be "admin" with the password "secret123", you should first encrypt the password (you can use an online generator for this). After encryption, it could look like this:

    admin:$apr1$N9j7h9gk$JdFqjD/yDg2wMNtnTsdwU.

    You can use online generators such as htpasswd generator to create the secure password.

Step 2: Create or modify the .htaccess file

The .htaccess file is responsible for managing access rules to your directory. It must be placed in the directory you wish to protect. If the .htaccess file already exists, you need to modify it.

  1. Go to the directory you want to protect (for example, a private folder).
  2. If the .htaccess file doesn't already exist, create it in this directory. If this file already exists, open it to edit it.

  3. Add the following lines to the .htaccess file to enable password protection:

    AuthType Basic AuthName "Protected space" AuthUserFile /path/to/.htpasswd Require valid-user

    Explanation of lines :

    • AuthType Basic: This defines the type of protection (here, basic password protection).
    • AuthName "Protected area": This text will appear in the login request dialogue box. You can customise it (for example: "Restricted access").
    • AuthUserFile /path/to/.htpasswd: This is where you specify the absolute path to the .htpasswd file you created in the previous step. Example: if the .htpasswd file is in a private folder, the path could be /home/user/private/.htpasswd.
    • Require valid-user: This means that a valid user, whose username and password are in the .htpasswd file, will be able to access the directory.

    IMPORTANT: Make sure you use the absolute path to the .htpasswd file, so that the server can find this file wherever it is located.

Verification and expected result

  • You should be redirected to a login window when you try to access the protected directory. Once you have entered the correct information, you will be authorised to access the content.
    How do you protect access to a directory on your web hosting?
  • If you get an error message, make sure that the path to the .htpasswd file is correct and that the file contains valid encrypted credentials.

Common errors

  1. Error 403 (Access denied):
    • Check that the .htpasswd file is in a secure directory and that its path is correctly specified in the .htaccess file.
    • Make sure that the .htpasswd file contains the encrypted credentials and that it is correctly formatted.
  2. Incorrect password :
    • If the password does not work, check that it is correctly encrypted in the .htpasswd file. Use an online encrypted password generator to generate a new secure password.
  3. Error 404 (File not found):
    • Make sure that the .htaccess file is in the correct directory and that it is correctly named (with a full stop in front of it).

Conclusion

Protecting a directory with a password is a simple and effective method of securing sensitive information on your website. You can choose to do this via the LWS Panel, which automatically generates the necessary files, or manually by creating and configuring the .htaccess and .htpasswd files yourself. Both methods ensure that only people with the right credentials can access the contents of the directory.

Lectures associées

Rate this article :

5/5 | 2 opinion

This article was useful to you ?

Article utileYes

Article non utileNo

MerciMerci ! N'hésitez pas à poser des questions sur nos documentations si vous souhaitez plus d'informations et nous aider à les améliorer.


Vous avez noté 0 étoile(s)

Similar articles

1mn reading

0mn reading

How do you download or restore a backup of your web files?

0mn reading

How do you back up or restore your emails?

0mn reading

How do I download or restore a Mysql database backup?

Questions sur l'article
Poser une question à LWS
ThChor Il y a 1332 days
Bonjour sur mon arborescence : racine ............ sous-domaine1 dossier1.1 sous-dossier1.2.1 mettre un mot de passe sur le sous-dossier1.2.1 Comment faire
See the
1 answers
fabrice-LWS - Il y a 1331 days
Bonjour, concernant la protection d'un dossier, vous êtes limités au niveau du nombre de caractères en passant par l'espace client. De ce fait, cela ne vous permettra pas de protéger "/htdocs/sous-domaine.com/repertoire1/repertoire" comme vous désirez le faire. La limite est de 30 caractères au niveau de cela. La solution serait de suivre la procédure suivante afin de mettre en place un fichier htpasswd et .htaccess pour protéger le répertoire concerné : https://www.wakdev.com/fr/more/wiki/divers/les-htaccess-et-htpasswd.html
Utile ?
Billy Il y a 1324 days
Bonjour, Est-il possible de protéger par mot de passe l’accès à un sous-domaine (à la racine d’un sous-domaine si l’on peut dire). Ou bien est-ce comme la racine du domaine principal ?
See the
1 answers
fabrice-LWS - Il y a 1323 days
Bonjour, cela ne pourra pas fonctionner par le biais de votre espace client, en cliquant sur "Protection dossier". En effet, les points dans le nom du répertoire ne sont pas autorisés. Vous pouvez néanmoins protéger un sous domaine en suivant la procédure suivante : https://www.wakdev.com/fr/more/wiki/divers/les-htaccess-et-htpasswd.html
Utile ?
Billy Il y a 1324 days
Bonjour, Est-il possible de protéger par mot de passe via la méthode manuelle l’accès à un dossier dans la formule "Domaine" ? Si oui, sans php, je n’arrive pas à trouver le "realpath" et à accéder au .htpasswd… Est-il possible de déduire ce realpath ?
See the
1 answers
fabrice-LWS - Il y a 1323 days
Bonjour, vous avez la possibilité de protéger un répertoire sans passer par "Protection dossier" accessible sur votre espace client. Pour cela, je vous invite à suivre la procédure suivante: https://www.wakdev.com/fr/more/wiki/divers/les-htaccess-et-htpasswd.html
Utile ?

Ask the LWS team and its community a question

About LWS :  LWS is a 100% French web hosting company that focuses on quality and innovation and offers a responsive and competent technical service at affordable prices.
English
Our services
ONLINE HELP
Other resources
Follow us