Introduction
Leech Protection in cPanel helps secure password-protected directories from unauthorized access and abuse. It prevents users from publicly sharing login credentials or accessing a directory excessively within a short time. When triggered, Leech Protection can redirect, suspend, or alert you about suspicious behavior — adding an important layer of defense to private content on your site.
This article explains how to enable and configure Leech Protection to protect sensitive areas of your website.
What Is “Leeching”?
In web security, leeching refers to the act of:
-
Users publicly posting login credentials to restricted areas (forums, file archives, etc.)
-
Unauthorized users accessing a protected area multiple times within a short timeframe
-
Automated bots or malicious users exploiting shared credentials
Why Use Leech Protection?
Leech Protection allows you to:
-
Detect and prevent abuse of shared logins
-
Protect premium, member-only, or internal content
-
Automatically redirect or block suspicious users
-
Receive email alerts when limits are breached
-
Maintain the integrity of private or paid content
How to Access Leech Protection in cPanel
-
Log in to your cPanel account
-
Scroll to the Security section
-
Click on Leech Protection
How to Enable Leech Protection
Step 1: Choose a Directory
-
You’ll see a list of public_html folders
-
Click the folder icon next to the directory you want to protect
-
Example:
/membersor/downloads/private
-
Note: The directory must already be password protected (via cPanel’s Directory Privacy tool)
Step 2: Configure Protection Settings
Once inside the directory settings:
-
Set a maximum number of logins allowed per user within a 2-hour window
-
e.g., If set to 3, no user can log in more than 3 times every 2 hours
-
-
Enter a redirect URL to send violators to a warning page
-
Example:
/leech-warning.html
-
-
(Optional) Enable email alerts
-
Enter an email address to be notified of leech attempts
-
-
(Optional) Disable the compromised account automatically
Click Enable to activate protection for the directory.
Example Use Case
You run a membership site with premium downloads in /premium-files. You notice your content is being downloaded far too often.
Using Leech Protection:
-
You set the limit to 5 logins per 2 hours
-
Redirect violators to a warning page
-
Get notified immediately by email
-
Disable users who abuse the login
How to Disable Leech Protection
To remove the restriction:
-
Navigate back to the protected directory
-
Click Disable Leech Protection
This restores normal access behavior.
Best Practices
| Tip | Why |
|---|---|
| Combine with Directory Privacy | Required to protect a folder in the first place |
| Set realistic login limits | Too strict may lock out legitimate users |
| Create a clear warning or blocked page | So users know why access was denied |
| Use for member-only or restricted directories | Especially where credentials may be shared |
| Monitor your email alerts regularly | To catch abuse early |
Troubleshooting
| Issue | Solution |
|---|---|
| Protection not working | Ensure the folder is password protected |
| Too many users being blocked | Raise the allowed login limit or extend the time window |
| Redirect not working | Make sure the redirect URL is valid and accessible |
Conclusion
Leech Protection is a powerful but often overlooked tool in cPanel. It ensures that password-protected directories are not abused or misused by shared or stolen credentials. Whether you run a paid membership site or host internal resources, enabling Leech Protection gives you more control and visibility over who accesses your content and how.
