Here is some more .htaccess fun.  I’ve seen these snippets around different websites for years and use this as a template and customize it to my needs.  It’s a good template because it lays out simple to understand functions within your .htaccess.  Password protecting areas but still allowing your developers access is a great way to run a parallel environment on the exact server under the exact conditions it will actually be running in, this technique can provide developers faster feedback without disturbing the live site (unless of course some of their code bogs your server down, which can still happen.)

# password protection allowing multiple resources
AuthType Basic
AuthName “Restricted Area”
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user
# allow public access to the following resources
SetEnvIf Request_URI “(path/to/directory1/)$” allow
SetEnvIf Request_URI “(path/to/directory2/)$” allow
SetEnvIf Request_URI “(path/to/file\.php)$” allow
SetEnvIf Request_URI “(path/to/file\.html)$” allow
SetEnvIf Request_URI “(path/to-another/resource/)$” allow
SetEnvIf Request_URI “(path/to-yet/another/resource/)$” allow
Order allow,deny
Allow from env=allow

# allow open access to entire site for select ips and sites
Allow from 777.777.77.7
Allow from 888.888.88.8
Allow from 999.999.99.9
Allow from domains.tld
Allow from website.tld
Allow from example.tld
Satisfy any

.htaccess files give you the flexibility of controlling access and certain functions on the server level and once you save your .htaccess and things run as expected, there’s seldom any surprises if you maintain the same patterns for further customization and they are very reliable.  .htaccess files are powerful, but with a single rogue character, you can bring your entire site down, so be very cautious updating and editing .htaccess — always use some kind of version control for quick restores!