If your webserver is running on Apache, you can set up pasword protection from there. (My beloved webhost,
http://www.dreamhost.com, let you do this in their control panel.)
A bit off-topic, but FYI: hit counters are in the industry considered a no-no (if they are displayed to the site visitors).
patrice
http://www.patriceschneider.com/apple-osx/blog/