.htaccess can be remarkably easy to use - simply create a text file by that name and place it at the root level of your webspace.

Here are a few extracts from my .htaccess file - they can go in any order, as long as it's one instruction per line.

Redirect gone /alpha_beta_whatever
Any requests to the /alpha_beta_whatever directory (I used it to keep pre-release versions of the site) will return a 410 Gone error.

ErrorDocument 404 /404.html
Use the page 404.html (it doesn't have to be 404.html, call it whatever you like) instead of the default Apache 404. You can replace 404 with your favourite error code for similar effect.

Redirect /funnies http://www.thegeek.co.uk/whatever/funnies
Any requests to the /funnies directory should be bounced straight over to /whatever/funnies instead - useful if you change your directory structure and don't want people with bookmarks to be faced with 404's.
This uses the 302 Found or 302 Moved Temporarily error documents, neither of which are shown by the browser, but taken as a cue to display the referenced page instead.

I've yet to try password protection with .htaccess - but it's pretty damn secure, and I can't imagine it's too tricky to implement.