Yeah it's a wonder of .htaccess and his buddy, .htpasswd!
cPanel can generate these for you though, so if you go to your cPanel (which I assume you have) go to Password Protection, it'll set up password protection on a directory for you.
I'll have a look into this later...
robots.txt just stops search engines from crawling and indexing your site... using just the robots.txt on its own, normal people would still abe able to access the files.
Yeah, real people don't bother me. They'd have to know the names of the files in there. I'll have a bash with robots.txt then!
Still confuzzled about .htaccess RewriteCond though, that can wait for another time if this is going to work.