Create a .htaccess file. (they are hidden by default)
Add the following contents:
Deny from all Allow from 0.0.0.0.0
(Replace 0's with your IP to allow. Add as many Allow from lines as needed)
This will affect all subdirectories, unless a subdirectory has .htaccess that overrides this.
So http://example.com can be viewable to the public, but if you add the above .htaccess to http://dev.example.com it will block that page from the general public.
Will only block on port 80, will not block FTP or SSH.