Question: How do I restrict access to a folder? Print

Answer : 

Restricting access to a folder is useful when you want to protect sensitive files, admin areas, downloads, or private content. GHFS Hosting and Plesk offer several ways to block or limit access using .htaccess, password protection, or IP restrictions.

This article explains all available methods.

1. Method 1: Restrict Access with .htaccess (Password Protection)

You can protect any folder with a username and password using .htaccess.

Step 1: Create the password file

1. Log in to Plesk

2. Go to Websites & Domains

3. Open File Manager

4. Choose the folder you want to protect

5. Create a new file named:
   .htpasswd

Add a username and password in encrypted format.
You can generate encrypted passwords using any online htpasswd generator.

Example .htpasswd content:

Step 2: Add rules in .htaccess

Inside the folder you want to protect, create or edit .htaccess:

Replace the file path with your correct folder path.

2. Method 2: Restrict Access by IP Address

If you want to allow access only from specific IPs, add this to the folder’s .htaccess:

Only these IPs will be allowed. All others are blocked automatically.

3. Method 3: Block All Access to the Folder

If you want to deny all public access:

Inside the folder’s .htaccess:

This is useful for private folders, scripts, or internal files.

4. Method 4: Allow Access Only to Specific Files

If the folder should block everything except certain file types:

Example: allow only images:

This blocks all other file types.

5. Method 5: Protect Upload Folders (Disable PHP Execution)

To prevent malware or unauthorized scripts from running inside upload folders, add:

Many WordPress and CMS uploads folders use this protection.

6. Method 6: Use Plesk Password-Protected Directories

Plesk provides a built-in tool for easy folder protection.

Steps:

1. Log in to Plesk

2. Go to Websites & Domains

3. Click Password-Protected Directories

4. Choose a folder or create a new protected area

5. Set a username and password

6. Save

Plesk will automatically apply correct .htaccess and .htpasswd settings.

7. Method 7: Restrict Access Using nginx Rules (Advanced)

If your domain uses nginx:

1. Go to Apache & nginx Settings

2. Add rules in “Additional nginx directives”

Example: block access to a folder:

Example: allow access only from your IP:

8. Tips for Folder Restriction

• Always test after adding rules

• Incorrect configurations may cause a 403 Forbidden error

• Avoid restricting /wp-admin/ unless you know what you’re doing

• Keep a backup of .htaccess before editing

• Use Plesk’s password protection tool if you prefer a simpler method

9. When to Contact GHFS Hosting Support

Contact support if:

• Your rules cause errors or block your entire site

• You are unsure which method fits your needs

• You need help locating the correct file path

• You want server-side firewall restrictions

• You use nginx-only hosting and .htaccess is not applied

The support team can set up secure folder protection for you.