How to protect website directories


This tutorial will show you how to secure your website by blocking public access to subdirectories on your 000webhost website.

1. Log Into the File Manager

One you enter your login details, go to the folder that you want to protect from the general public. You will need to choose a folder and not public_html. This will break your site and will render your website useless.

2. Create the file
  1. Once you are in the folder, you will now need to create the file to protect that directory. Click the new page button (shown below).

A popup will display prompting you to name the new page. Name the page “.htaccess”, but without the quotes. Then, click the “Create” button to create the page.

3. Add the code

Now it’s time to add the code that will protect the directory that you are currently in. First, double-click on the new file to open it. Once you have done this, you will need to add the code below and click “Save and Close”

Options -Indexes

4. Visit the directory

Since you have now added the code, now you need to visit the directory to check if it’s now blocked. If you added the code in a folder in public_html, the directory would be at: If you see a “Forbidden” error, you have successfully blocked access to that site directory.

Now you can repeat steps 2 - 4 if you want to protect any other directories.

That’s it! Now all of your important files on your website can’t be downloaded by the public. Enjoy your protected site! :smile:

If you have any questions, please PM me! :slight_smile:



thank for your tutorial. :slight_smile:


Glad you liked it @julien! :smile:


Hi Hexa,

I have just started using the Forum, so I may be missing something, if so my apologies in advance.

I was not subscribed to this topic, but received an e-mail about a tutorial about How to protect website directories, followed by further e-mails from a subscriber thanking you and your reply to him. Since the tutorial was not accessible from the e-mail, I have logged in here to find it and still cannot see any link to your tutorial. Please advise what is going on.


If I may intervene, the tutorial is in this topic. You just have to click on pointers :slight_smile:


@ NGiNX Moderator,
There is no tutorial showing only step 1.
Where are the pointers that you refer to?


hey @Malae!

If you click on one of the section titles, those will open up each step and show the steps on how to protect your website directories.

Hope that helps!



These :slight_smile:


There appears to be a problem, because the only pointer is for 1. and it is pointing down, apparently open, but greyed out.

I also now note that this, and only this tutorial title, is greyed out.


What browser are you using? :confused:


Can you also send along a screenshot? Thanks! :slight_smile:


Hey that’s really useful as I’ve just started learning about this stuff. I am desperately wanting to make a password protected zone because I get targeted by international hate cults (just for being a transwoman) and I been experimenting unsuccessfully with .htaccess in a folder called /private on my domain… but I just get “internal server error”. Anyway… just in case anyone else knows… here is what I tried most recently:
#diagnostics for php
php_value display_errors 1

404 = not found error

ErrorDocument 404 /log.php?r=/no.php&x=404

403 = security error

ErrorDocument 403 /log.php?r=/no.php&x=403

protect .htaccess

<Files .htaccess>
order allow,deny
deny from all

forbid viewing of directories

Options All -Indexes

password protected area

AuthName "private"
AuthUserFile /private/.htpasswd
AuthType Basic
require valid-user


Is this working for you?


@ hexa @ NGiNX

Thanks for your replies.

When doing website development, I continually switch between FF and Chrome, but initially was probably happening on FF.

The screenshot shows what I was seeing. Today, on opening this topic, I see the tutorial at the top of the page with all the pointers, as in your screenshot. The pointers are responsive. The issue is now solved, thank you


protecting the directories the way you said works really well… but I get an internal server error on my password protected folder. The link is this:

… and the user name and password should be:
username: melahi
password: pass19
… but that doesn’t work… yet ;o)


Thank you for this tutorail


I have added the code in the tutorial and immediate get the following:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Removing the code fixes the error.



Are you receiving the error after adding Options -Indexes? I have added it and your website works fine (press CTRL+F5 for a full webpage refresh)


You are correct. I commented out both lines and see now that the Options -Indexes is uncommented and not causing any problem.
It is the /public_html/js/.htaccess line that is causing the error. I was about to ask why that is there, but was called for lunch. Can you explain it? I don’t have a js directory on public_html anyway.