Adding password protection to a directory using .htaccess is a two-step process.
The first part is adding the appropriate lines to your .htaccess file in the directory you want to protect. Everything below this directory will be password protected:

AuthName “Section Name”
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

You will need to change a few parts of this for your site. You should replace “Section Name” with the name of the part of the site you protect, e.g. “Members Area”.

The /complete/path/to/.htpasswd should be changed to reflect the full server path to the .htpasswd file (more on later).

Password protecting a directory takes a little more work than any of the other .htaccess functions because you may also create a file containing the usernames and passwords allowed to access the site.
These should be placed in a file which (by default) should be called .htpasswd.
Like the .htaccess file, this is a file with no name and an 8-letter extension. This can be placed anywhere within your website (as the passwords are encrypted), but it is advisable to store it outside the web root so that it is impossible to access it from the web.

Enter the usernames and passwords to access the site once you have created your .htpasswd file in a notepad. They should be joined as follows:

username: password

Where the password is the encrypted format of the password. To encrypt the password, you must either use one of the premade scripts available on the web or write your own.

Add extra lines to your .htpasswd file in the same format as the first for multiple users. There are even scripts available for free that will manage the .htpasswd file and allow automatic adding/removing of users, etc.

To access a site, you need to give the URL as follows:

HTTP:// username : password@www.domain-name.com/directory/