Ah. So you are using Apache. Great! Then directory restriction is a piece of cake.
Put in a file named ".htpasswd" in the parent directory of htdocs.
Go here http://help.powweb.com/cgi-bin/crypt.cgi
and fill in a user name and password.
Cut and paste the generated text into your .htpasswd file.
Inside any folder you want to protect, create a file name ".htaccess"
Put this text in the .htaccess file and edit to fit your situation:
AuthName "AUTHENTICATION WINDOW TITLE"
require user USERNAME_USED_IN_.HTPASSWD