The tech patched the problem by restricting logins to two fixed IP addresses. This is absolutely not workable for the site owner, for three reasons:
* She moves around a lot, as one would expect of a busy business owner;
* Her internet access will be changing shortly;
* She could well have dynamic IP allocation at home.
It was for these reasons that I didn't waste my time implementing fixed IP addresses as a "solution." It's not a solution; it's a kluge.
So, now we have four options:
* Continue to use fixed IP addresses and basically make her site inaccessible to her most of the time, hurting her business as a professional writer;
* Look into the low-lowel reasons that Wordpress can't handle restricting by URI when a site URI is mapped to child URI (and this is a known problem whose solution is beyond the access of the user);
* Remove the security filters in the .htaccess files and risk being hacked;
* Move the site away from Inmotion.
The first option isn't workable, Inmotion is aware of the second option and, to the best of my knowledge, has not acted on it, so we're left with the last two options. As Inmotion has noted, option three could well pull down or deface her site anyway. That leaves "Move the site."
It has been Inmotion's choice, not ours, to throw this back over the fence to me instead of looking into the deeper issue.