How to Set Up Leech Protection
Leech Protection stops users from publicly sharing a password to a protected area by detecting too many logins from one account and locking it.
Step-by-step
- Make sure the directory is password-protected first — see Directory Privacy.
- Open Security → Leech Protection in cPanel.
- Navigate to the protected directory and click it.
- Set the number of logins allowed within a 2-hour window before the account is suspended.
- Optionally set a redirect URL for leeches and tick "Disable compromised accounts" and email alert options.
- Click Enable. Accounts exceeding the limit are automatically locked, stopping shared-password abuse.
💡 Good to know
- Useful for membership areas and paid content where one password might be circulated.
- Set the alert email so you know when an account is flagged.
- Combine with strong, unique passwords per user for best protection.