Protecting specific directories with a username and password is a simple way to restrict access to sensitive files or internal areas of a website. Plesk provides a built-in feature that lets you add or remove password protection without editing server configuration files manually.
This feature is commonly used on environments managed through Plesk hosting where site-level access control is required.
When Directory Protection Is Useful
Password-protected directories are typically used for:
- Internal documentation or private downloads
- Staging or test areas that should not be public
- Temporary access for clients or team members
When a directory is protected, all subdirectories inside it are automatically protected as well.
Adding Password Protection to a Directory
Schritt 1: Open password-protected directories
Log in to the Plesk control panel.
From the left sidebar, open Websites & Domänen und klicken Sie Password-Protected Directories.
[Screenshot: Websites & Domains page with Password-Protected Directories icon]
Schritt 2: Create a protected directory
Klicken Add Protected Directory.
Enter the name of the directory you want to protect.
Do not include httpdocs in the directory name. Only enter the directory name itself.
Optional, enter a title for the protected area. This title is shown in the browser authentication prompt.
Klicken OK to create the protected directory.
[Screenshot: Add Protected Directory form]
Schritt 3: Add a user
From the list of protected directories, click the name of the directory you just created.
Klicken Add a User.
Enter a username and password for access to the directory, then click OK.
[Screenshot: Protected directory user creation screen]
Password protection is now active for the selected directory.
Removing Password Protection
If a directory no longer needs to be protected, access restrictions can be removed at any time.
Schritt 1: Select the directory
Offen Password-Protected Directories and select the checkbox next to the directory.
[Screenshot: Protected directories list with selection checkbox]
Schritt 2: Remove protection
Klicken Remove Protection, confirm the removal, and save the change.
Once removed, the directory and its subdirectories will be publicly accessible again.
Practical Notes
- Use strong, unique passwords for protected directories
- Remove protection when it is no longer needed
- Avoid protecting large public areas unnecessarily
Directory-level access control is especially important on shared or multi-site setups hosted on Cloud-Server, and on Dedizierter Server environments where multiple users manage different parts of the same system.