How to configure a password-protected directory in Plesk

Kuzma Ivanov

Updated December 01, 2022 11:11

Plesk for Windows Plesk for Linux kb: how-to ABT: Group B

Applicable to:

Plesk for Linux
Plesk for Windows

Question

How to set up a password-protected directory for a domain in Plesk?

Answer

In Plesk, find which directory is the Document Root directory for the domain at Domains > example.com > Hosting Settings > Document root.
Additional step for Plesk on Windows Server (if you are on Linux, move to step 3):

Go to Domains > example.com > IIS Settings and make sure that Anonymous authentication is enabled:
Go to Domains > example.com > Password-Protected Directories and click Add Protected Directory.
Specify the directory, located inside Document Root from step 1 ('httpdocs' in this example), that should be secured. In this case, we are restricting an access to the /httpdocs/img folder (https://example.com/img). Click OK.

Note: Specify "/" to protect the whole website with a password authentication.
Now, click on the directory name.
Click Add a User to create a user that will be used to access the password protected directory. Click OK. Add other users if required.
Open the now protected URL in a web-browser (in this example, example.com/img) and log in using the username and password from step 6.

Note: If Apache restart interval is set at Tools & Settings > Apache Web Server, Apache must be restarted manually to apply the changes.

Additional Information

The command-line instructions are available at:

protdir: Site Directories Protection - Plesk Docs

To learn more about password-protected directories, visit:

Restricting Access to Content - Plesk Docs

Comments

6 comments

Iman GM December 30, 2017 11:41

Hi,

Without restarting the web server it won't work...

#service httpd restart

I'm not sure if it's a bug or something...

Thanks for sharing.

0

Comment actions Permalink
Bulat Tsydenov January 02, 2018 23:30

@Iman GM, Hi! It means that you have non-zero value set for "Apache restart interval " under Tools & Settings - Apache web server.

1

Comment actions Permalink
Iman GM January 06, 2018 06:34

@Bulat Tsydenov, Yeah! That did the magic. Thanks! :)

0

Comment actions Permalink
Ian Budiman May 01, 2019 22:50

Hiya,

With one of our cust.

Plesk 17.5.3

I am trying to add a Password Protected Directory to the sub domain staging.xxxxx.co.nz using the Plesk feature. I can set it up correctly and protect the entire site with a forward slash /. However, it creates a bug with the live domain xxxxx.co.nz where the site is also asking for the credentials but does not need them. e.g. You can simply close the window and browse the live site.

Is there a way to fix this please? We don’t want password protection on the LIVE domain. Just the staging domain.

They are on the same subscriptions:

0

Comment actions Permalink
Nikita Nikushkin May 02, 2019 01:51

Hi @Ian Budiman,

Checked on test environment but did not reproduce the issue - only staging website asks for the authentication while the main one works fine

Possibly, the main website "example.com" uses the redirect somewhere in the website code to the "staging.example.com"?

Try to access some test file from the "/httpdocs" folder of the main website "example.com" directly, e.g. "https://example.com/robots.txt" (or create such file manually)

If no pop-up window is returned then the issue is connected with the "example.com" website content itself

If the issue still occurs, I suggest creating a request to the Support Department for further issue investigation

1

Comment actions Permalink
Luis Zubeldia June 05, 2020 13:25

how can exclude subfolder?

0

Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Articles in this section

Applicable to:

Question

Answer

Additional Information

Related articles