Password Protecting Individual Files
Note that creating a separate folder for sensitive files is a far simpler and less error-prone, and that’s what we usually recommend. But if you do decide to protect an individual file, you can do so by adding a FilesMatch directive to a .htaccess file. For instance, the following code will protect the file called wp-login.php:
<FilesMatch wp-login.php> AuthName "Restricted File" AuthType Basic AuthUserFile /home/ex/example.com/webpasswords-passwordlist require valid-user </FilesMatch>
htpasswd -c /home/ex/example.com/webpasswords-passwordlist myname
As with all .htaccess files, the rules will also be applied to any subdirectories unless they are overridden by additional .htaccess files.