====== DirectAdmin httpd wp-login.php security ======

Requirements:
<code bash>
yum install GeoIP GeoIP-devel GeoIP-update -y
</code>

Compile mod_geoip from here: https://github.com/maxmind/geoip-api-mod_geoip2

<code bash>
wget --no-check-certificate -O /tmp/mod_geoip.c https://raw.githubusercontent.com/maxmind/geoip-api-mod_geoip2/master/mod_geoip.c
apxs -i -a -L/usr/local/lib -I/usr/local/include -lGeoIP -c /tmp/mod_geoip.c
rm -f /tmp/mod_geoip.c
</code>

Move module include from httpd.conf to /etc/httpd/conf/extra/httpd-includes.conf, because custombuild will overwrite it.

Create password file:
<code bash>
htpasswd -c /var/www/html/.htpasswd user
</code>

Create file: /etc/httpd/conf/extra/geoip-wp-admin.conf
<code>
#WP-SECURITY

#whitelist country
SetEnvIf GEOIP_COUNTRY_CODE LT AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE LV AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE EE AllowCountry

<Locationmatch "/wp-login.php">
    AuthName "Prove You are not bot. Please enter User: a / Password: a"
    AuthType Basic
    AuthUserFile /var/www/html/.htpasswd
    AuthGroupFile /dev/null
    Satisfy any
    Deny from all
    Allow from env=AllowCountry
    require valid-user
</Locationmatch>
</code>

Edit file and add: /etc/httpd/conf/extra/httpd-includes.conf
<code bash>
#geoip module load
LoadModule geoip_module /usr/lib/apache/mod_geoip.so
Include /etc/httpd/conf/extra/geoip-wp-admin.conf
</code>

====== Easy way ======

Just put in httpd-includes.conf
<code bash>
<Files wp-login.php>
AuthType basic
AuthName "Wordpress Security: Use the following credentials."
AuthBasicProvider file
AuthUserFile /etc/httpd/conf/wordpress.passwd
Require valid-user
ErrorDocument 401 default
</Files>
</code>

ADDITIONAL LINKS:
  * https://github.com/maxmind/geoip-api-mod_geoip2
  * https://serverfault.com/questions/567113/apache-2-2-and-http-auth-by-country-with-mod-geoip
  * https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu