lucy24 - 8:22 pm on May 17, 2013 (gmt 0)
There are times when it's appropriate to have more than one htaccess file, and this may be one of those times. If it's your own server the question doesn't arise because you can make the appropriate <Directory> envelope.
Rock-bottom easiest version:
Put an htaccess file in the directory you want to protect. It only needs three lines.
Deny from all
Allow from aa.bb.cc.dd
For individual files, you can do the same thing in a <Files> envelope.
You shouldn't need to do any kind of lookup. Just give the numerical IP address.
Oh, and as long as you're there: change the names of your protected files and directories to something robots won't easily guess. Scan your logs for long blocks of 404s and you can see what they usually try. (I get them periodically myself-- and I don't even use WordPress!)