what does the .htaccess file say? a sample one I have in a protected directory is:
AuthName "administrative area"
<Limit GET POST>
require user myusername
And my .htpasswd file, which is located at /path/to/.htpasswd says something like:
So when I go to that secure directory with the .htaccess file in it, I get prompted for a username and password. I enter the username and password and the page will show, as long as its the username 'myusername'
As for the locations. The .htpasswd file should be placed in your home directory, if your username was 'deb', then the full path to your .htpasswd file would be '/home/deb/.htpasswd' What this does is prevent anyone from looking at that file since it's outside your web directory. The .htaccess file should be place in the folder you want to protect. It the case of your example, it would be '/home/deb/infoword.com/private/.htaccess'
As for the aditional 404 error, it sounds like you tried to set up custom error screens and it isn't working right. Check your main webpage directory (~/infoword.com/) for a .htaccess file. In it you might see something like this:
ErrorDocument 400 /errors/400.html
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
what this means is if there is an error 403 "access forbidden", then display the page http://www.infoword.com/errors/403.html. If that page doesn't exist, then your going to get a 404 "file not found" error when you get a 403 "access forbidden" error. you can also just remove all those and their should be a server default error page. If that's not working, then contact support and tell them the default error pages aren't working.
hope this helps