Create password protected web directories with apache2

First make sure that .htaccess overrides are enabled in /etc/apache2/sites-enabled/domain.conf

Then create a .htaccess file in the directory you want to protect:

Options +Indexes
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/ocna.htpasswd
Require valid-user

Now create valid users in the file /etc/apache2/ocna.htpasswd:

htpasswd -c /etc/apache2/ocna.htpasswd username

For subsequent users, just use:

htpasswd /etc/apache2/ocna.htpasswd username

Ref:
https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04