From what I’ve gathered from Google, the easiest way to password protect your entire web site or parts of it, is to use the .htaccess file. The problem is, as usual, I was finding incomplete information. What it boils down to is that you need two files: .htaccess and .htpasswd AND you need to have a password GENERATED (the key missing piece, for me) by a site such as this one: http://www.htaccesstools.com/htpasswd-generator/
Step 1: Create a .htaccess file in whatever directory you want password protected. And put the following in that file:
AuthUserFile /full/system/path/to/.htpasswd
AuthName EnterPassword
AuthType Basic
require valid-user
Step 2: Create a .htpasswd file that contains the names and passwords for the users you want to access the directory. But here’s the GOTCHA! You can’t just put the password in plain text in the file — it needs to be hashed! I don’t know what that means exactly, except that it is a way to encrypt the password. Why do you need to do this? I don’t know, but when I didn’t do it, it didn’t work.
So, go to the handy dandy htpasswd generator page sited above: http://www.htaccesstools.com/htpasswd-generator/
And put the results from that generator into your .htpasswd file.
The site also has a .htaccess authentication generator tool: http://www.htaccesstools.com/htaccess-authentication/
Full disclosure: I’m using this stuff on a Mac, running MAMP. I assume the above will work when I use it on my web host server since these are all Apache files and they are all Apache servers.