How to protect website directories

This tutorial will show you how to secure your website by blocking public access to subdirectories on your 000webhost website.


1. Log Into the File Manager

One you enter your login details, go to the folder that you want to protect from the general public. You will need to choose a folder and not public_html. This will break your site and will render your website useless.


2. Create the file
  1. Once you are in the folder, you will now need to create the file to protect that directory. Click the new page button (shown below).

A popup will display prompting you to name the new page. Name the page “.htaccess”, but without the quotes. Then, click the “Create” button to create the page.


3. Add the code

Now it’s time to add the code that will protect the directory that you are currently in. First, double-click on the new file to open it. Once you have done this, you will need to add the code below and click “Save and Close”

Options -Indexes


4. Visit the directory

Since you have now added the code, now you need to visit the directory to check if it’s now blocked. If you added the code in a folder in public_html, the directory would be at: https://mysite.000webhostapp.com/directory. If you see a “Forbidden” error, you have successfully blocked access to that site directory.

Now you can repeat steps 2 - 4 if you want to protect any other directories.


That’s it! Now all of your important files on your website can’t be downloaded by the public. Enjoy your protected site! :smile:

If you have any questions, please PM me! :slight_smile:

3 Likes

Hi Hexa,

I have just started using the Forum, so I may be missing something, if so my apologies in advance.

I was not subscribed to this topic, but received an e-mail about a tutorial about How to protect website directories, followed by further e-mails from a subscriber thanking you and your reply to him. Since the tutorial was not accessible from the e-mail, I have logged in here to find it and still cannot see any link to your tutorial. Please advise what is going on.

Hey that’s really useful as I’ve just started learning about this stuff. I am desperately wanting to make a password protected zone because I get targeted by international hate cults (just for being a transwoman) and I been experimenting unsuccessfully with .htaccess in a folder called /private on my domain… but I just get “internal server error”. Anyway… just in case anyone else knows… here is what I tried most recently:
#diagnostics for php
php_value display_errors 1

404 = not found error

ErrorDocument 404 /log.php?r=/no.php&x=404

403 = security error

ErrorDocument 403 /log.php?r=/no.php&x=403

protect .htaccess

<Files .htaccess>
order allow,deny
deny from all

forbid viewing of directories

Options All -Indexes

password protected area

AuthName "private"
AuthUserFile /private/.htpasswd
AuthType Basic
require valid-user

1 Like

Remember security options on 000webhost.com

Provides directory protection too

1 Like