Revision:
Also an important detail was left out:
This new code goes below the FORBID EMPTY REFFERER SPAMBOTS code in your Root .htaccess file.
Please replace "Your-Website-Domain-Name-Here.com" in the HTTP_REFERER filter with your actual Domain name.
Please replace the IP Addresses listed in REMOTE_HOST with your actual website IP address. You will find this listed on the BPS System Info page - Server / Website IP Address:
# BLOCK ALL REQUESTS/ACCESS TO BPS PLUGIN FILES AND OTHER PLUGIN FILES
# Whitelist AITpro.com - this is only for BPS Pro folks
# to continue to allow them to connect to the AITpro API Server.
# You can add additional plugins that you would like to protect by
# adding the plugin folder name as shown below.
# NOTE: Some plugins utilize an index.php file in their plugin folder
# that will negate the REQUEST_URI filter below.
RewriteCond %{THE_REQUEST} ^(GET|POST|PUT)
RewriteCond %{HTTP_REFERER} !^.*(Your-Website-Domain-Name-Here.com|ait-pro.com).* [NC]
RewriteCond %{REMOTE_HOST} !^(173\.201\.92\.1|88\.77\.66\.55)
RewriteCond %{REQUEST_URI} ^plugins/(bulletproof-security|example-plugin-name1|example-plugin-name2)/(.*)$ [NC]
RewriteRule ^(.*)$ - [F,L]