Protecting specific directories with a username and password is a simple way to restrict access to sensitive files or internal areas of a website. Plesk provides a built-in feature that lets you add or remove password protection without editing server configuration files manually.
This feature is commonly used on environments managed through Plesk-hosting where site-level access control is required.
When Directory Protection Is Useful
Password-protected directories are typically used for:
- Internal documentation or private downloads
- Staging or test areas that should not be public
- Temporary access for clients or team members
When a directory is protected, all subdirectories inside it are automatically protected as well.
Adding Password Protection to a Directory
Stap 1: Open password-protected directories
Log in op het Plesk-controlepaneel.
Vanuit de linkerzijbalk, open Websites & Domeinen en klik Password-Protected Directories.
[Schermafbeelding: Websites & Domains page with Password-Protected Directories icon]
Stap 2: Create a protected directory
Klikken Add Protected Directory.
Enter the name of the directory you want to protect.
Do not include httpdocs in the directory name. Only enter the directory name itself.
Optioneel, enter a title for the protected area. This title is shown in the browser authentication prompt.
Klikken OK to create the protected directory.
[Schermafbeelding: Add Protected Directory form]
Stap 3: Add a user
From the list of protected directories, click the name of the directory you just created.
Klikken Add a User.
Enter a username and password for access to the directory, klik vervolgens OK.
[Schermafbeelding: Protected directory user creation screen]
Password protection is now active for the selected directory.
Removing Password Protection
If a directory no longer needs to be protected, access restrictions can be removed at any time.
Stap 1: Select the directory
Open Password-Protected Directories and select the checkbox next to the directory.
[Schermafbeelding: Protected directories list with selection checkbox]
Stap 2: Remove protection
Klikken Remove Protection, confirm the removal, and save the change.
Once removed, the directory and its subdirectories will be publicly accessible again.
Praktische opmerkingen
- Use strong, unique passwords for protected directories
- Remove protection when it is no longer needed
- Avoid protecting large public areas unnecessarily
Directory-level access control is especially important on shared or multi-site setups hosted on cloud-servers, and on speciale server environments where multiple users manage different parts of the same system.