A common way to protect specific folders within your hosting account is to set a deny rule for all visitors. This keeps out all outside access to the folder. While this is effective at keeping out unwanted visitors, you may want to allow access to certain file types. These most often are image files. Below you will find instructions that allow you to have access to specific file types using an .htaccess file while keeping all other files in the directory safe from uninvited guests.
Allowing access to specific file types in protected directories
- First, log into your cPanel.
- This brings you to the main cPanel screen where you can see all the different categories. From here, enter the File Manager tool. When entering, ensure you have the Show Hidden Files option checked as you will be working with the .htaccess file.
- Now that you are inside the File Manager, navigate down to the directory you want to protect. If it is already protected, you should already have an .htaccess file. If not, you will need to create one by clicking the New File icon from the toolbar across the top of the page. Once you locate or create the file, open if for editing by highlighting the file and clicking on the Edit icon from the toolbar. You will also have a popup box appear, click the Edit button there as well.
- You are now in the File Editor. From here we will want to ensure the directory is secure from all outside visitors. The code below prevents any outside access from all files. This is the first step as we will add the file type exceptions in the next step.
Order Allow, Deny
Deny from all
- Once that code is in place, we now want to insert the exceptions to allow access to these file types. Below is a sample of code that will allow the image types of gif, png, and jpg. These are listed in the first line of the code chunk. You can remove any of these or add any additional file types you want. Note that there is a pipe,|, betwen each file type. This is the character found on the upper poriton of the \ key on a standard US keyboard.
Allow from all
- After you have finished entering the file types to which you want visitors to have access, click on the Save Changes button. This will save your changes and activate the code.