I have small website project on a managed hosting server where https is used.
Now I would like to know if it is still secure to use a http subdomain (without https) in combination with a basic auth restriction defined in .htaccess. I have only one security certificate that is used for the main website. Shell I buy a second security certificate for the subdomain?
If you use basic authentication with http you are basically sending your username and password unencrypted over the wire. So to answer the question: No your current approach is not secure. You should buy a ssl certificate or look into Lets encrypt if you dont want to buy another certificate again.