Password protected directories in Plesk provides an extra layer of security for sensitive areas of your WordPress website.
This can be useful for protecting admin pages, staging environments, development sites, or private content that you want to restrict from public access.
This guide will walk you through how to configure password protected directories in Plesk for WordPress hosted website.
Table of Contents
Why Use Password Protected Directories?
- Extra Layer of Security: Restrict access to sensitive parts of your website.
- Protect Staging or Development Environments: Ensure that only authorized users can view and test your site before it goes live.
- Safeguard Sensitive Content: Limit access to private files, documents, or areas that contain sensitive information.
Step-by-Step Guide to Password Protect Directories in Plesk
1. Log in to Plesk
Access your Plesk control panel by logging in with your admin credentials.
2. Navigate to the Website & Domains Section
- Go to the ‘Websites & Domains’ tab.
- Select the domain or WordPress installation for which you want to password protect directories.
3. Open the Password Protected Directories Option
- Scroll down to the ‘Security’ section.
- Click on ‘Password Protected Directories’.
4. Add a New Password Protected Directories
- Click on ‘Add Protected Directory’.
- In the ‘Directory Name’ field, enter the path to the folder you want to protect. This could be:
- A custom directory (e.g.,
/staging,/private-content) - Sensitive sections like
/wp-admin(though WordPress already has login protection for this).
- A custom directory (e.g.,
- In the ‘Directory Location’, ensure it points to your WordPress site directory, typically in
/httpdocsor/public_html.
5. Set a Name for the Protected Area
- In the ‘Protected Directory Name’ field, you can provide a name for the directory, such as “Staging Area” or “Private Section.” This is the name that will appear on the authentication prompt when someone tries to access the protected directory.
6. Create User Credentials
Now that the directory is set, you need to create a username and password that will be required to access this protected area.
- Click on ‘Add a User’.
- In the ‘Username’ and ‘Password’ fields, enter the credentials that authorized users will use to access the directory.
Make sure to use strong, secure passwords to prevent unauthorized access.
7. Save and Apply Changes
- Click ‘OK’ to save your settings.
- The selected directory will now be password-protected, and users will need to enter valid credentials to access it.
Accessing the Password Protected Directories
When someone attempts to visit the protected directory (e.g., example.com/staging), they will be prompted with a dialog box asking for a username and password. Only users with the correct credentials will be able to access the content within that directory.
Managing Password-Protected Directories
You can manage, edit, or remove protection from a directory at any time through the Password-Protected Directories interface in Plesk.
- Add/Remove Users: You can add more users or remove existing users who have access to the protected directory.
- Change Password: Update passwords if needed to maintain security.
- Remove Protection: If the directory no longer needs to be protected, simply remove the password protection from the directory.
Common Use Cases for Password Protected Directories in WordPress Hosting
- Staging Environments: Protect a staging or development version of your WordPress site so only developers or clients can access it.
- Admin Areas: Add an extra layer of security to sensitive parts of your site (e.g.,
/wp-admin) beyond WordPress’ built-in login screen. - Private Content or Files: Protect downloadable resources, documentation, or confidential content that should only be accessed by specific users.
- Client Preview Areas: When developing sites for clients, use password protection to restrict access until the site is ready to go live.
Best Practices for Using Password-Protected Directories
- Strong Passwords: Always use complex, strong passwords to prevent unauthorized access.
- Limit User Access: Only give credentials to users who truly need access to the protected area.
- Combine with HTTPS: Ensure that your site is using HTTPS, so the login credentials entered for password protection are encrypted in transit.
Conclusion
Setting up password-protected directories in Plesk for your WordPress site is a simple yet effective way to secure sensitive areas or environments. By following these steps, you can ensure that only authorized users can access certain parts of your site, adding another layer of protection to your hosting environment.
