Ever since I went public with the garden blog residing in a subfolder of this server account, I’ve been dogged with issues trying to keep the main domain private and the subdomain public.
The solution finally manifested itself after I lost access to both domains after an IP change. Because the main domain only responded to specific IP requests via the .htaccess file, I had to make some changes. An .htaccess file in the subdomain directory with the appropriate lines finally resolved the issue.
For the main domain, I limited access to my IP address with the following:
# ALLOW ONLY SPECIFIC IPs
<Limit GET POST PUT>
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</Limit>
I also had to permit public access to certain file-types, i.e. picture files, since my subdomain used the same WordPress content directory as the main domain:
# Allow only certain file types
<FilesMatch ".(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$">
Allow from All
</FilesMatch>
For the subdomain, I permitted the public GET, POST and PUT permissions:
# allow public access
<Limit GET POST PUT>
order allow,deny
allow from all
</Limit>
With the above, I retained privacy of my main domain, but gave public access to the subdomain served from a subfolder of the main WordPress site.