Install the apache2-utils package on your server by typing:

apt-get update && apt-get install apache2-utils

The first time we use this utility, we need to add the -c option to create the specified file. We specify a username (sammy in this example) at the end of the command to create a new entry within the file:

htpasswd -c /etc/nginx/.htpasswd sammy

You will be asked to supply and confirm a password for the user.

Leave out the -c argument for any additional users you wish to add:

Asks for password when trying to download from https://example.com/wp-content/uploads/file.png

location ^~ /wp-content/uploads/file.png {
                try_files $uri $uri/ /index.php?$args;
		auth_basic "Restricted Content";
            	auth_basic_user_file /etc/nginx/.htpasswd;
            }

• Password protect site with htaccess in Apache

• http://flsilva.com/blog/how-to-password-protect-file-directory-nginx/