The best solution is to put that one file within its own password-protected directory.
If you don’t want to change the link (perhaps it exists on a zillion other websites?) you can do this:
Change the name of thisfile.html to x, because you can’t have a file and a subdirectory with the same name.
Create a directory named thisfile.html and password protect that directory.
Move x into the password-protected directory and name it index.html (If you want to use something else - as, forinstance, a file that isn’t HTML, or you want the user to download it with a specific name - you can put an .htaccess file inside that password-protected directory that says only
and in that directory, the web server looks for a file named “myNekkidWife.jpg” to serve up as the default when there isn’t a file specified as part of the URL.)