You can either lock down the server by permission only and not give your clients access to the data file or you'd need to create a dedicated URL for the file that you would want to open only. There are several articles out on this.
You can hide a file from the launch page. File > Sharing > Configure for WebDirect…, then check "Don't display on FileMaker WebDirect Launch Center."
This alone doesn't prevent someone who knows the URL from accessing the file, so it would not be an effective way of locking out WebDirect users, but it does prevent someone clumsy or curious from opening it up.