The best solution, assuming that the right extensions are on, is htaccess file (if it is available). You can use it to determine who has rights to get into a certain directory, and prompt for a password (one of your making) also, security through obscurity can help, in this case. You could use very criptic names for subdirectories where you store these sort of things (assuming they truly can't browse your directories) Depending on the type of server, this approach might be a little different. If you are paying for the hosting, you should have access to a faq which should address this very issue. Also, keep in mind that most of the "free" web sites have restrictions on unlinked material. If they find it, they have various rights (depending on their agreements. Some can delete it, some can close the whole site, while other's might not care) eric