A few ways to control visitor access to resources on your site.
Looking at a couple of ways to filter the requests that come to the site in order to implement limits on access to certain stuff. Not using the very capable .htaccess rules in Apache. But higher level methods in code that can be implemented by anyone. Including WordPress users and others. Code written in C CGI's (not a WordPress user oriented solution, but included for others) and with PHP which is within the control of people with sites hosted on a variety of commercial hosting platforms.