[ Security for Web Developers ] :: 13: Testing With Hydra

Hydra

First, be clear that there is more than one way to password-protect a website or a directory (folder) inside a website. One is to use a database management system to control what everybody sees. Another is to use simple htaccess files to require a password. Either way, Hydra is an app for brute-forcing logins: website login forms, and just about any other service you can get to over the Internet.

Assignment: First, watch this video.

Note that there are more videos in this series. Click the YouTube link to find them there.

There is also a nice tutorial with some insightful comments here:
http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html

Get Hydra. Fire it up. Does your site use passwords? Try some brute force on your login form.
https://www.thc.org/thc-hydra/
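
Once you have run a test against your own login, check whether the server's access log makes the run visible. The script below is an added example, not part of the original lesson: it scans a combined-format access log (in the order the server wrote it) for bursts of login attempts per client address, covering both protection styles mentioned above (401 responses from htaccess password protection, POSTs to a login form). The `/login` path, the 60-second window, the threshold of 10 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions for this example: the login form posts to /login, and 10 tries
# from one address inside 60 seconds is more than a person would make.
LOGIN_PATH = "/login"
WINDOW = timedelta(seconds=60)
THRESHOLD = 10

# Apache/nginx "combined" access log line (fields up to the status code).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def is_login_attempt(method, path, status):
    """401 = htaccess (Basic auth) rejection; POST to the form = app login try."""
    return status == 401 or (method == "POST" and path.split("?", 1)[0] == LOGIN_PATH)

def find_bursts(lines):
    """Return {ip: peak attempts in any WINDOW} for addresses at/over THRESHOLD."""
    recent = defaultdict(deque)   # ip -> attempt times still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_login_attempt(m["method"], m["path"], int(m["status"])):
            continue              # unparseable line or not a login attempt
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= THRESHOLD}

def sample_log():
    """Constructed log: one normal login, then two fast guessing runs."""
    fmt = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
    rows = [fmt.format(ip="192.0.2.10", m=0, s=5, req="POST /login", st=302)]
    rows += [fmt.format(ip="198.51.100.7", m=1, s=s, req="POST /login", st=200)
             for s in range(0, 40, 2)]   # 20 form posts in 40 seconds
    rows += [fmt.format(ip="203.0.113.9", m=2, s=s, req="GET /private/", st=401)
             for s in range(0, 24, 2)]   # 12 Basic-auth rejections in 24 seconds
    return rows

if __name__ == "__main__":
    for ip, n in find_bursts(sample_log()).items():
        print(f"{ip}: {n} login attempts within {WINDOW.seconds}s")
```

If your test run does not show up in a report like this, the site has no way to notice the guessing, let alone slow it down.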
