The advice above is spot on, but assumes you have shell access. Ideally you should login to your server using an SSH client like Putty.
Once logged into your file system, you need to create a password file. This file holds the list of authorised users and encrypted passwords.
htpasswd -cmdps auth UserName
The above is one method, but for a fuller explanation simply type - htpasswd at the prompt and study the options and appropriate syntax.
You should place the password file in a place not accessible from the web. ie.
/var/ross/www/public or /home/sites/www.ross.com/web are both accessible from the web so place your password file here:
/var/ross/.htpasswd or /home/sites/www.ross.com/.htpasswd
The .htpasswd file is automatically generated using the htpasswd command. By default the htpasswd file is dropped in the folder where you execute the htpasswd command from the command line.
Now you have a password file located behind the site root, simply reference it in any number of .htaccess files. By placing a .htaccess file in a folder, it becomes password protected.
Combining the examples the .htaccess files should look like this:
AuthName "The Admin Control Panel"
require user UserName
If you have any problems, PM me and I will walk you through it.