There are a lot of ways to protect and lock down subdomains, folders, and even specific files. The preferred, reliable, and easiest way to do this is using
Block All, Except IPs you set
Order Deny,Allow Deny from all Allow from 111.222.333.444 # Single IP Allow from 111.222.333.0/99 # Range from .0 to .99
Set a Username and Password
To set a login and block everything else on a folder or subdomain, you need two files.
.htaccess tells us what type of Authentication and where to look for it.
.htpasswd stores the username and password the
.htaccess looks for. It can also store multiples if you want to give users their own unique login.
AuthType Basic AuthName "Protected" AuthUserFile /my/path/to/.htpasswd Require valid-user
here is an example of username: user, password: password
You’ll need to generate your password for these, I recommend the generator from htaccesstools.com
You can do a lot with
.htaccess, if you want to dive deeper here are some links: