Just buy another domain, they're cheap!
For SEO purposes, it can be useful too.
Otherwise, put your password protected site inside a subfolder with .htpassword protection or somesuch, and have the blog in another folder - the root if need be, without password protection.
So your main site - since it is password protected in its entirety, sits in a password protected subfolder.
The default.php or homepage is the login page and is in the root folder. The blog can be in the same folder and will be visible to all, as will the login page.
Once someone logs in, they are taken to the password protected subfolder.
Easy enough to do.
Good luck with the site.