I have just recently had to password protect a subdomain on a server running Plesk and let me tell you it’s not a simple as it should be. My story and how I managed it in the end…

An Optimistic Start

So there I was happily in my Plesk panel I hit the add subdomain button, gave it a name and pressed OK … Hey Presto! My new subdomain created. I see it in my browser too.

So now I went to the ‘Password Protect Folders’ option, entered the folder to protect and thought that was it… I should of know that nothing can be that simple, it should be but with Plesk it is not.

As it turns out (after spending some hours googling the problem and reading the docs) you cannot password protect a subdomain in Plesk this way, only the main domain in http docs folder, a bit silly if you ask me but there you go that’s the way it is. You can do it but it’s a little bit of a hack.

So what you do is: make the subdomain, let’s call if ‘mysubdomain.com’, as normal then go to the password protect folders option and add a new folder, can be called anything but make sure it’s not a folder that’s going to be used in your main site, let’s call it ‘_myprivatesite’.

Now in the subdomain root folder add a .htaccess file and add:

Don’t forget to substitute ‘mysubdomain.com’ with what you called your subdomain and ‘_myprivatesite” with what you called your protected folder and that it you should a password protected subdomain now.

Hope this helps