[4.6] How can I use the Host-based authentication additions?
If you have existing rules from an old .htaccess file, you can take them and add a username between the 'deny'/'allow' and 'from' strings. Using the username wildcard of '%' would be a major benefit here if your installation is suited to using it. Then you can just add those updated lines into the $cfg['Servers'][$i]['AllowDeny']['rules'] array.
If you want a pre-made sample, you can try this fragment. It stops the 'root' user from logging in from any networks other than the private network IP blocks.
//block root from logging in except from the private networks
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny root from all',
'allow root from localhost',
'allow root from 10.0.0.0/8',
'allow root from 192.168.0.0/16',
'allow root from 172.16.0.0/12',
);