I'm a beginner running 1&1's default customer-self-manages Apache setup, which has Plesk pre-installed. The Plesk site is at https://example.com:8443/ (where example.com is my registered domain) and brings up a PHP-based login page. However, I'd like to additionally secure this app with an htaccess, HTTP-based authentication request (because I might not update Plesk in time should there be Plesk security bugs, and somehow feel better not having the PHP files lying around publicly, if PHP-protected). However, logging in via SSH as root and dropping .htaccess files into folders I figured were relevant -- like /usr/local/psa/admin/htdocs/, among others -- does not bring up the http authentication when requesting the page in a browser. What should I do?
PS: The same .htaccess file works well in other folders I want to secure (I also tried chmod 644). It basically contains this:
AuthType Basic
AuthName "John Doe Management Access"
AuthUserFile /johndoe/.htpasswd
require user johndoe_user
PPS: My .htaccess file seems to be there alright, as https://example:8443/.htaccess brings up a "no permission" page, whereas https://example.com:8443/.htfoo brings up a "not found" page. Perhaps htaccess files are just not correctly configured to be, well, htaccess files for the port and site in question?