Password protection can be setup for directories using an .htaccess file. Here’s a Password Protection Tutorial and template for creating the file. You’ll need to make sure to include the full path to your .htpasswd in the AuthUserFile line. You can find the full path in your control panel under the Features tab at the bottom under ‘server side paths’. An example of what this would look like is:
NOTE: If the directory that you are password protecting for does not contain a default page (ie. index.html), then visitors will receive a “403 Error > Forbidden” page. This is because for security reasons, directory listing is disabled by default. Once you upload your index.html page, they will no longer see this warning.