In today’s digital landscape, website security is of paramount importance. As a website owner, protecting your online assets from malicious bots, unauthorized access, and potential security breaches should be a top priority. Fortunately, cPanel, one of the leading web hosting control panels, offers a powerful tool called the .htaccess file that allows you to implement security measures effectively. In this blog post, we will explore how you can utilize the .htaccess file to restrict access, block bad bots, blacklist IP addresses, and restrict access to select pages and folders, helping you fortify your website’s defenses. Restricting Access with the .htaccess File is one of many ways to implement security on your website.

Understanding the .htaccess File:

The .htaccess (hypertext access) file is a configuration file used by Apache web servers to modify server behavior on a per-directory basis. With its concise syntax and versatile capabilities, it empowers website owners to control various aspects of their websites, including access control, URL rewriting, and more.


.htaccess Restricting or Blocking Bad Bots:

Bad bots are automated programs that crawl websites for various purposes, such as scraping content, performing fraudulent activities, or launching distributed denial of service (DDoS) attacks. To protect your website from such malicious bots, you can utilize the .htaccess file. Here’s how:

Identify Bad Bots:

Start by analyzing your website’s server logs or employing third-party services that provide comprehensive bot identification. This step helps you determine which bots are causing harm or interfering with your website’s performance.

Implement Bot Blocking Rules:

Once you have identified the bad bots, you can block them using the .htaccess file. By adding specific directives to the file, you can deny access to these bots based on their user agents or IP addresses. There are a few ways to do this as you’ll see in the below examples.

First Example .htaccess block bot:

# Block Bad Bots by User Agent
SetEnvIfNoCase User-Agent "BadBot" bad_bot
Deny from env=bad_bot

# Block Bad Bots by IP Address
Order Allow,Deny
Deny from

Second Example .htaccess block bot

#Block Bots by User Agent
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(SeznamBot|SemrushBot|AhrefsBot|MJ12bot|YandexBot|PetalBot|DotBot|bingbot).*$ [NC]
RewriteRule .* - [F,L]

As you can see from the above examples you can block by user agent or by IP and there are of course different ways of implementing that block. You can also combine options to block by the user agent and then block by IP as well for IP’s that have no bot agent listed or otherwise spam IP’s. Blocking by user agent is usually enough in most cases.

.htaccess Blacklisting IP Addresses:

Some IP addresses may pose a threat to your website’s security or engage in malicious activities. By blacklisting these IP addresses, you can prevent access from those sources. Here’s how you can do it using the .htaccess file:

Example .htaccess block IP:

# Blocked IP's
Order Allow,Deny
Deny from
Allow from all

In the above example, we deny access to the IP address “” while allowing access to all other IP addresses. You can add multiple IP addresses or use IP range notation to block a range of addresses. You’ll also notice that blocking an IP in .htaccess is the exact same as blocking a bot by IP.

Restricting Access to Select Pages and Folders:

In certain cases, you may want to restrict access to specific pages or directories on your website. The .htaccess file allows you to enforce such access restrictions. This can help you create additional protections for certain sections of your site. Such as employee login pages or Internal company content that is not suitable for public access. There are multiple reasons you may want to configure this type of privacy. Consider the following example:

Example .htaccess restricting access to select pages:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/password/file/.htpasswd
Require valid-user

In this example, we enable basic authentication for a specific directory. Users attempting to access the restricted area will be prompted to enter a username and password. The .htpasswd file contains the usernames and encrypted passwords of authorized users.

.htaccess Directory Privacy:

cPanel provides an intuitive feature called “Directory Privacy” that allows you to password-protect directories directly from the control panel, without the need to manually edit the .htaccess file. This feature is particularly useful when you want to restrict access to specific folders containing sensitive data or confidential information. Here’s how you can use cPanel’s Directory Privacy:

  • Accessing Directory Privacy: Log in to your cPanel account and navigate to the “Files” section. Look for the “Directory Privacy” or “Password Protect Directories” option. Click on it to access the Directory Privacy interface.
  • Selecting a Directory: Choose the directory you want to protect from the list provided. Click on the directory name to proceed.
  • Enabling Password Protection: Toggle the “Password protect this directory” option to enable password protection for the selected directory.
  • Creating User and Password: Enter a name for the protected directory, and create a username and password for the authorized user who will have access. You can add multiple users if necessary.
  • Saving Settings: After entering the required information, click on the “Save” or “Save Changes” button to apply the password protection settings.

cPanel will automatically generate the necessary .htaccess and .htpasswd files to enforce password protection for the selected directory. This simplifies the process and eliminates the need to manually edit the .htaccess file.


As the digital landscape continues to evolve, protecting your website from potential threats is crucial. By leveraging the power of cPanel’s .htaccess file, you can implement effective security measures to block bad bots, blacklist IP addresses, and restrict access to select pages and folders. Regularly reviewing and updating your .htaccess file to adapt to emerging threats ensures that your website remains secure.

In addition to manually editing the .htaccess file, cPanel offers a user-friendly feature called “Directory Privacy” that allows you to password-protect directories directly from the control panel. By utilizing this feature, you can easily restrict access to specific folders containing sensitive information, ensuring an extra layer of security for your website. Incorporating this functionality into your website security strategy enhances your ability to safeguard your online assets effectively.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.