.htaccess rules

Hello, I had a problem in a particular case. I have installed a website not in the main root but in a subfolder, also for security reasons, so I copy the .htaccess and index.php files to the root. The problem is that the plugin writes the rewrite rule to the root .htaccess file instead of the wordpress installation folder. In this way it is sufficient that anyone has the link to the user’s file to be able to open it. I solved it like this: I copied the string to the root .htaccess file and deleted it. I pasted it into the .htaccess file of the installation folder but I deleted the path to the installation folder. I’ll give you an example.

# BEGIN User Private Files
# Le direttive (linee) tra <code>BEGIN User Private Files</code> e <code>END User Private Files</code> sono
# generate dinamicamente, e dovrebbero essere modificate solo tramite i filtri di WordPress.
# Ogni modifica alle direttive tra questi marcatori verrà sovrascritta.
RewriteRule ^wp-content/uploads/upf-docs/(.*)$ https://mywebsite.it/folder-wordpress-setup?file=$1 [QSA,L]
# END User Private Files

This is the code with the path of the installation folder which, however, also prohibits access to the owner user

# BEGIN User Private Files
# Le direttive (linee) tra <code>BEGIN User Private Files</code> e <code>END User Private Files</code> sono
# generate dinamicamente, e dovrebbero essere modificate solo tramite i filtri di WordPress.
# Ogni modifica alle direttive tra questi marcatori verrà sovrascritta.
RewriteRule ^wp-content/uploads/upf-docs/(.*)$ https://mywebsite.it/?file=$1 [QSA,L]
# END User Private Files

The latter instead is the pathless code of the wordpress installation folder that works. Do you by any chance have a better idea for this particular case? I’m not actually the only one as it is a common measure to increase security.