If you have a UNIX host all you have to do is create two files: .htaccess and .htpasswd
Then when someone goes to see anything in that particular directory they will be asked for a username and password.
When they enter the username it will be checked inside the .htaccess file (you can add the usernames allowed using any text editor). As for the password is a bit trickier, and the password inside the file needs to be encrypted. For example the password encryption for the word 'test' is 'vq3OGHpnFivDI' (or something like that depending on the encryption you use), and it needs to be preceded by the username you created in the other file and a colon.
For example let's say you want to have the username 'george' and the password 'bush'.
You can open any text editor (not a word processor, something like Microsoft Word won't work, but Notepad will do the trick) and type the word 'george' (minus the quotes) inside of it. then save the file with the name .htaccess (note that there is no other extension, like .txt, that is the WHOLE name).
then create a new document, inside of it, type 'george:dyl5rNY6/mL0U' (minus the quotes) and save the file with the name .htpasswd (again no .txt after it)
Upload them to your host account in ASCII mode.
If you want to use a different password, here is a web site where you can get any word encrypted: http://users.abac.com/cgi-bin/pass.pl
Keep in mind usernames and passwords need to be 2 to 16 characters, lower case letters or numbers only, no special characters. And also this will protect ALL files in that directory, there is no way to protect just one file with this method.
