The trouble is that even if we did support .htaccess Authentication (we don't) and the specification for this authentication was in the form http://user:pass@site.com (it's not) this still wouldn't be the right way to go about protecting files.
The first reason is that the password would be stored in the "client.wyc" file. So, yes - your updates would be password protected, but everyone would have the password. If you gave your customers the password to manually type in then the password would be common knowledge, thus again everyone would have the password.
Password protecting the updates isn't a viable solution.
Possible solution #1
If you're dealing with a limited customer base (i.e. less than 200 users) then it might be better to authorize user by IP address. It looks something like this in the .htaccess file:
deny all;allow X.X.X.X;allow Y.Y.Y.Y;allow Z.Z.Z.Z;...etc.
Possible solution #2 (best solution)
Add the update-subscription checking directly to your app's code. That is, if the user is not allowed to update to the latest version past, say, May 1st, and they upgrade anyway - have an interface that requires them buy a new subscription license before they can continue to the latest version.
Possible solution #3 (worst solution)
Alter the wyUpdate source code to add either .htaccess authentication support, or add proprietary protection.