Setting up password protection (directory protection) on a multisite TYPO3 installation

With the Basic Auth method (see https://de.wikipedia.org/wiki/HTTP-Authentifizierung) you can protect access to a website very easily. Even though it is not exactly the safest method, it serves the purpose in many cases, for example when you are in the process of building a new website and want to prevent unauthorized people from accessing it. In many cases you also want to prevent search engines from indexing the pages at this stage.

Usually the protection is set up with a simple entry in the .htaccess file in the installation path (see also https://wiki.selfhtml.org/wiki/Webserver/htaccess/Passwortschutz).

Procedure for multisite instances

In TYPO3 it is possible to run multiple websites with one installation (the so-called multisite functionality). With a plain .htaccess entry, ALL websites of the installation would therefore be subject to password protection.

To prevent this, the following instructions must be added to the .htaccess file:

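# Password protection website XY
# Mark requests whose Host header matches the protected site
SetEnvIfNoCase Host ^<SUBDOMAIN>\.<ROOTDOMAIN>\.<TLD>$ SECURED=yes
# Basic Auth settings
AuthType Basic
AuthName "<USER>"
AuthUserFile <INSTALLDIRTYPO3>.htpasswd
AuthGroupFile /dev/null
Require valid-user
# Grant access if either the host rules below or the login succeeds
Satisfy any
# Host rules: allow everyone except requests marked SECURED,
# so only the protected site falls back to the login prompt
Order allow,deny
Allow from all
Deny from env=SECURED

Remark:

Assuming that the domain in question is www.xyz.de, the placeholders are: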

<SUBDOMAIN>=www
<ROOTDOMAIN>=xyz
<TLD>=de

<USER>=Username of the password protection
<INSTALLDIRTYPO3>=fully qualified path of TYPO3 installation on the server
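
On Apache 2.4 the Order, Allow, Deny and Satisfy directives used above are only available through the deprecated mod_access_compat module. The following is an added example, not part of the original instructions, that expresses the same per-host rule with the Apache 2.4 authorization directives; it uses the sample domain www.xyz.de from the remark, and the realm text and the .htpasswd path are placeholders.

```apache
# Added example (not from the original page): Apache 2.4 syntax.
# www.xyz.de is the sample domain from the remark; the realm text and
# the .htpasswd path are placeholders to be replaced.

# Mark requests for the protected site. The optional (:[0-9]+)? also
# matches a Host header that carries an explicit port.
SetEnvIfNoCase Host ^www\.xyz\.de(:[0-9]+)?$ SECURED=yes

AuthType Basic
AuthName "Restricted area"
AuthUserFile /path/to/typo3/.htpasswd

# Replaces "Satisfy any" plus Order/Allow/Deny:
<RequireAny>
    # Branch 1: request is NOT for the protected site, no login needed
    <RequireAll>
        Require all granted
        Require not env SECURED
    </RequireAll>
    # Branch 2: protected site, valid Basic Auth credentials required
    Require valid-user
</RequireAny>
```

Use either this form or the Order/Allow/Deny/Satisfy form in a given .htaccess file, not both, since mixing the old and new access control directives is discouraged.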