Password-protected directories restrict access to specific folders on your website. Visitors must enter a username and password before they can view anything inside the protected folder. This is useful for client portals, staging areas, or private downloads.

How to create a password-protected directory

  1. Log in to Plesk.
  2. Go to Websites & Domains and find your domain.
  3. Click Password-Protected Directories.
  4. Click Add Protected Directory.
  5. In the Directory name field, type the path to the folder you want to protect (relative to your document root). For example, enter private to protect httpdocs/private.
    • To protect your entire website, enter /.
  6. Optionally, enter a Title of the protected area — this is the message visitors see in the login prompt.
  7. Click OK.

Note: On Plesk for Linux, the directory will be created automatically if it doesn’t exist yet.

How to add users to the protected directory

A protected directory with no users means nobody can access it. You need to add at least one user:

  1. In the Password-Protected Directories list, click the name of the directory you just protected.
  2. Click Add a User.
  3. Enter a Username and Password.
  4. Click OK.

You can add multiple users if different people need access. Each user gets their own login credentials.

How to test it

Open your browser and navigate to the protected URL (e.g. https://yourdomain.com/private/). You should see a login prompt asking for a username and password.
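
The same check can be scripted. The following is an added example, not part of the original article or of Plesk: it classifies the response a server gives to a request without credentials, and also flags a Basic challenge offered over plain HTTP. The function names assess and probe, the verdict strings, and the sample responses are assumptions made for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def assess(url, status, headers):
    """Classify the response to a request made WITHOUT credentials."""
    h = {k.lower(): v for k, v in headers.items()}
    # A protected path answers: 401 + WWW-Authenticate: Basic realm="<Title>"
    basic = status == 401 and h.get("www-authenticate", "").lower().startswith("basic")
    scheme = urlsplit(url).scheme
    if basic:
        # Over http:// the browser would send the password unencrypted.
        return "protected" if scheme == "https" else "plaintext-challenge"
    if (scheme == "http" and 300 <= status < 400
            and h.get("location", "").lower().startswith("https://")):
        return "redirects-to-https"
    return "no-basic-challenge"  # 200, 403, 404...: no login prompt, investigate


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx itself instead of following it


def probe(url, timeout=10):
    """Fetch url anonymously (needs network access) and classify the answer."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        resp = opener.open(url, timeout=timeout)
        status, headers = resp.status, resp.headers
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx are raised as HTTPError
        status, headers = err.code, err.headers
    return assess(url, status, dict(headers))


if __name__ == "__main__":
    # Constructed sample responses, so the script runs offline.
    challenge = {"WWW-Authenticate": 'Basic realm="Client area"'}
    samples = [
        ("https://yourdomain.com/private/", 401, challenge),
        ("http://yourdomain.com/private/", 401, challenge),
        ("http://yourdomain.com/private/", 301, {"Location": "https://yourdomain.com/private/"}),
        ("https://yourdomain.com/private/", 200, {"Content-Type": "text/html"}),
    ]
    for url, status, headers in samples:
        print(f"{url} [{status}] -> {assess(url, status, headers)}")
```

To check a live site, call probe() on the protected URL and on a subdirectory beneath it; both should return "protected".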

How to remove password protection

  1. Go to Websites & Domains > Password-Protected Directories.
  2. Tick the checkbox next to the directory.
  3. Click Remove Protection.
  4. Confirm the removal.

The directory and its files will remain on the server — only the password protection is removed.

Important notes

  • Protecting a parent directory automatically protects all subdirectories beneath it.
  • Don’t include httpdocs in the directory name — just enter the folder name relative to the document root.
  • Password protection uses HTTP Basic Authentication (.htpasswd). It’s secure over HTTPS, but over plain HTTP the credentials are sent in plain text. Always use SSL on your domain.

Troubleshooting

  • Login prompt doesn’t appear: Clear your browser cache and try in an incognito window. If Apache restart intervals are configured on your server, protection may not take effect until the next restart.
  • “401 Unauthorized” even with correct credentials: Remove the user and re-add them with a new password. Ensure there are no special characters in the password that may cause issues.
  • Want to change a user’s password? Click the directory name, then click the username, and set a new password.