Hey Dmitry,
Yes, and no. You can truly password protect your website, but you can only have one password for the whole website.
You can psuedo-protect your website by simply hiding everything if someone isn't registered, but someone who knows what they're doing can basically get in, and start purchasing things. This however, will be few and far between, and you can mitigate this by simply having the app you're going to use to make the invitations simply automatically cancel created accounts that didn't go through your system first, and cancel orders made by the deleted account.
Adam