I have the same question, but found how to do this for each individual website add-on, but that would take a while. I also want to know how to do this globally to all my websites. Here is the link to how to do it individually.
Apparently I don't have enough Karma to post a link, so here's the text from the post:
Yes this is possible! This behavior is controlled by the Odoo controllers. So you should override the default controller for the website and modify the @http.route so you need to be authenticated before you can see the products. A small example:
From the Odoo folder on your server, go to addons/website/controlers/main.py
@http.route(['/shop'], type='http', auth="user", website=True
In this example the user has to be logged in because of the auth="user" and cannot acces it without being logged in.
Hope this helps! Thanks for anyone who might know how to do this globally!