Don't let your host's cPanel .htaccess trip you up!

This week I’ve decided to password protect all my other project folders, which are on my hosting account.
This allows me to continue to work on all my projects, but for my own entertainment and learning only,
since a lot of these projects are very similar to those that the PIPCU have taken offline this month.

So this week I found a problem which seemed impossible to happen, never mind actually fix. Now I know the reason for it.
It seems the stupidest mistake I’ve ever made. It was so simple to fix the problem. But it’s always easy to say that
when the problem has already been found and solved. Well, this was a bug that myself, my team and 4 techs over at
my hosting provider couldn’t solve. (Took us over 3hrs.) So what was up? What was this crazy problem, you ask?

In your web hosting cPanel there is a feature to secure and password protect folders on your FTP account.

This is as simple as selecting a directory and assigning a name to that directory to show to the user accessing it,
then creating a password file and assigning a username to access that password-protected directory.

All done in a simple couple of clicks. (There are 11 project folders I had to make secure, so it took a little time.)
Now, for security purposes, you give each .htaccess file a different username and password.

If done correctly, when you now visit a folder over HTTP and it’s password protected correctly,
you should see a user/password dialog box pop up each time you try to access it.

Now here’s the tricky part: since these are project folders, they are not just folders
but dynamic sub-domains too. See the example below before it confuses the hell out of you.
 is a link to a folder called project-1 on the domain
But if this has been set up as a sub-domain, you actually access it like this

See how that works? You have actually set up a folder on your hosting account as a virtual domain name.
Now the fun begins. Since these folders are not just folders containing pictures and so forth, they actually contain
websites. So we are not only locking off access to the folders, but also locking off access to the websites set up in those folders.

Now if you are like me, and are very lazy and don’t make multiple copies of the same image to display on your websites,
you just hot-link/embed them. For example, see the Twitter logo I have on the right sidebar?

Well, I have that block of HTML copied to all my 11 project websites. That image was stored in a folder on my FTP called project-1, so the embed link was, for example:

<a href=""><img src=""></a>

See where I’m going with this yet?

When loading, it was then asking me for a user/pass for the website, when this website clearly DID NOT have any password protection active.

So now you’ve just clicked what the problem was, right? Because the Twitter image was actually hosted in /project-1 on the FTP, it was pulling that image from the project-1 folder, which was the protected folder. So naturally it’s going to prompt the user/password box each and every time my main website loaded.

So the TIP is: if you are like me and copy & paste blocks of HTML code that include images, logos or photos,
make sure the contents you’re linking to/embedding are not in any password-protected folders or sub-folders relative to your home folder on your FTP account.

Otherwise, as soon as the page loads, regardless of what website it is, it’s going to constantly nag you to log in!
I hope this helps people avoid making this stupid mistake! Something so simple is completely overlooked when solving it.
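
An added example, not part of the original post: a small Python check that lists the resources a page loads automatically and flags any that resolve into a password-protected folder, whether addressed as a folder path or as a sub-domain. The domain example.com, the folder names, the sample HTML and the rule that each sub-domain is named after its folder are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed assumptions: example.com is a stand-in; each sub-domain is named after its folder.
MAIN_DOMAIN = "example.com"
PROTECTED_FOLDERS = {"project-1", "project-2"}
# Attributes the browser fetches on page load; a plain <a href> is not fetched.
EMBED_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}
# Constructed sample: the pasted sidebar block plus two other images and a link.
SAMPLE_PAGE = """
<a href="https://twitter.com/"><img src="/project-1/images/twitter.png"></a>
<img src="https://project-2.example.com/logo.png">
<img src="/images/banner.png">
<a href="https://example.com/project-1/">my project</a>
"""

class EmbedCollector(HTMLParser):
    """Collect the URLs of resources that load without any click."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = EMBED_ATTRS.get(tag)
        self.urls += [v for k, v in attrs if k == wanted and v]

def protected_folder(url):
    """Return the protected folder an absolute URL lands in, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host.endswith("." + MAIN_DOMAIN):      # sub-domain form
        name = host[: -len(MAIN_DOMAIN) - 1]
    elif host == MAIN_DOMAIN:                 # folder form
        name = parts.path.lstrip("/").split("/", 1)[0]
    else:
        return None
    return name if name in PROTECTED_FOLDERS else None

def find_protected_embeds(html, page_url):
    """List (embedded URL, protected folder) pairs that would trigger a login prompt."""
    collector = EmbedCollector()
    collector.feed(html)
    pairs = ((u, protected_folder(urljoin(page_url, u))) for u in collector.urls)
    return [(u, folder) for u, folder in pairs if folder]

if __name__ == "__main__":
    print(find_protected_embeds(SAMPLE_PAGE, "https://example.com/index.html"))
```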