Get the exact path to your web content folder on your web server. You will need this exact path in order activate the security in your .htaccess. Most hosting control panels will show you the filesystem path.
You can also use PHP to display it for you using the following code:
<?php print(dirname(__FILE__)); ?>
Create a file INSIDE of your web content folder, paste the above code into it and browse to it. You will see the full path displayed, make a note of the full path and delete the file.
For example: if you created 1.php, browse to www.yoursite.com/1.php. You will see the full path, copy it and then delete the 1.php file.
Create a folder OUTSIDE of the web content folder.
For example: if your web folder is /home/site/public_html you create /home/site/security. Note that it is not inside of public_html.
Create a blank file within this new folder, beginning with a period (the period means the file is hidden). It is commonly named .htpasswd, though you can name it anything you wish. If you are going to have different directories that need separate user lists then you would need to use different file names.
For example, you could create .employees, .clients to have different lists of authorized users.
Now, you generate the different user's encrypted credentials and paste them into the blank file you just created. Each user's credential should be on a separate line.
Use this tool to generate the credentials. We do not log this data
Create or modify .htaccess in the directory you want to restrict.
For example: If your web content folder is /home/site/public_html, and you want to restrict access to the entire site, place the .htaccess file there.
You can also protect subdirectories by placing an .htaccess file within them.
Paste the following into the .htaccess file
AuthName "Secured Site"
Please note, as soon as you save this it is activated. Make certain you test.
For example: If you want the browser to say "Client Site" and if you placed your .htpasswd file in /home/site/security then you would use this for your .htaccess:
AuthName "Client Site"
Do not replace an existing .htaccess file, paste the above at the top of the file.
If you want different users for different sections then you have to use different password files
If you secure a folder all children folder inherit this, unless you explictly define an .htaccess file in a subdirectory. To turn off authentication in a child directory use this in the .htaccess file in that directory:
Require all granted