There are two files that must be inside your root directory in order to password protect your site.
- .htaccess — the .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.
- .htpasswd — .htpasswd is a flat-file used to store usernames and password for basic authentication on an Apache HTTP Server.
cd into the main directory you want to password protect.
Create the .htaccess file
vi .htaccess AuthType Basic AuthName "restricted area" AuthUserFile /your/root/directory/.htpasswd require valid-user
Create the .htpasswd file
Create new htpasswd file and add user (you will be asked to enter your password).
htpasswd -c .htpasswd username
Add additional users.
htpasswd .htpasswd username
Not only does password protecting your website keep users out, but it also removes your site from search results.