You will need to create two files in the directory you want to protect (all subdirectories will then be protected as well): one called .htaccess, and another called .htpasswd. Because these files start with a period, you will not be able to see them in your FTP folder after you upload them, so make sure to keep a copy of both on your personal machine!
Start by opening Notepad and pasting this into the blank document:
# Access file
allow from all
USERNAME represents the username for your FTP. DIRECTORY_TO_PROTECT represents the subdirectory you are protecting with a password, and where you will be uploading .htaccess and .htpasswd to.
Save that to your hard drive under the name ".htaccess" (no quotes).
Next, open up Notepad again with a new document. For each person you want to have access to your password-protected directory, you must add the following line:
LOGIN_NAME represents the name they will use to login, such as "Bob". HASHED_PASSWORD is the password you want them to have, which has been run through a special filter to change it to a different form. To apply the filter, visit this page and type in the password to give them: https://www.nfoservers.com/passcreator.pl
. It will output what the password hashes to; copy that string (everything after the colon on the first line, including any periods or other odd characters) into Notepad as HASHED_PASSWORD.
After you've added all the users and their passwords, save that file to your hard drive as ".htpasswd" (no quotes).
Then, simply upload .htpasswd and .htaccess into SUBDIRECTORY_TO_PROTECT on your free webspace. That directory and all subdirectories will be instantly password-protected!