I’ve made a small tutorial on how to do this, easily. If someone knows bash, better than me, you can make it a bash command. Or just add it directly to the file explorer in Hestia.
Create a new, encrypted .htpasswd file with the used admin. You can add to this file, just remove the ‘-c’. It will ask you for a password. This file can be anywhere on the server. The file (.htpasswd) can be named anything, it doesn’t matter.
htpasswd -c /home/user/web/domain/.htpasswd admin
Create a .htaccess file in the folder you want to protect
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/user/web/domain/.htpasswd
require valid-user