Let’s say you have a directory, like /private, that you want to be password protected. On your Mac or your server, type:
$ htpasswd -c .htpasswd username
where username is the username you want to require. It will then ask you for the password you want to require. Upload the .htpasswd file it creates to the private directory. If you want to add another account, say for newuser, do this:
$ htpasswd .htpasswd newuser
and again enter the password and upload the file.
Now put this in a file called .htaccess in the same directory:
AuthUserFile /path/to/example.org/private/.htpasswd AuthGroupFile /dev/null AuthName "Private Stuff" AuthType Basic require valid-user
(But change /path/to/example.org/ to be the path to your webspace directory on the server. You can also change "Private Stuff" to a message you want to be included in the password dialog. Browsers will probably say something like, "Please enter your password to Private Stuff." or "Realm: Private Stuff".)
Unless your web host in unusually restrictive (if so, you could complain to them), this should cause a password dialog to pop up when you visit http://example.org/private/ or any file in that directory or a subdirectory.