1) Put your .htpasswd above your root so visitors can't access it
/home/cpanelusername/.htpasswd
2) Put the username and encrypted password inside the .htpasswd file.
It doesn't matter how many files under how many directories you wanted to protect, they can share a common .htpasswd file.
3) Place the following code in your .htaccess file, in the same folder where you want to protect the file. (Be sure to replace cpanelusername with your actual cPanel username. Replace test with the path to your file. Replace file.html with your file's actual name.)
/home/cpanelusername/public_html/test/.htaccess
AuthName "Member Only"
AuthType Basic
AuthUserFile /home/cpanelusername/.htpasswd
require valid-user
</FilesMatch>
/home/cpanelusername/public_html/test/index.html and all others are NOT protected
You can protect more than one file by using wildcard names. On the FilesMatch line, follow one of these examples:
<FilesMatch "file.*">
<FilesMatch "*.*">
