Thanks to all so far for the ideas.
Obviously the more I keep “under the hood” on the Apache server, the less chance outsiders will have to “whimsically” redefine my security options for me (e.g. Cloudflare, etc.). Since I am not using it for the speed or locale caching, it wouldn’t make much difference to me if I were to go back to a regular Apache server model. Due to Google and other bots (Baidu, Yandex) continuously devising new ways to break into and cache our information on our sites, I feel confident that the Apache server is the best model. It looks as if the PHP engine can be used as an extension of that utility value.
The GeoIP option looks like it could work. Since it uses the PHP engine and that can be used to protect the data served up by individual PHP pages, it can tell Apache to withhold serving up the page until the country is confirmed.
It would seem that it might work the best under these conditions being met:
1. These two lines exist in .htaccess:
2. All resources OTHER than the index.php (and up to this point for me index.html) are located in subdirectories.
3. Exact names of files and subdirectories are undiscovered by the bots due to condition 1 being met. Transition of index page from HTML to PHP file includes renaming all resources that are referenced by it. (break the existing bot mapping)
I am going to this trouble because I don’t want to have password protected pages. Additionally, it looks as if Baidu and possibly Yandex have servers located in the US. So the simple solution is to cut those off at .htaccess level.
Since this is a “conversion” of sorts, I am hoping that I can initially get away with as little conversion work as possible. The home page now is just a static HTML page with a couple of iframes for dynamic content. From that there are PHP modules and other resources which launch off of that in new tabs or new windows. Of course any bot which can see my index HTML page will be able to map out other unprotected pages based on unprotected references to other files and resources.
Also, I just wanted somebody to confirm that the GeoIP resources for PHP are indeed available for use on Dreamhost’s SHARED servers.
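
An added example, not part of the original post, of the GeoIP check the post describes: a PHP gate that refuses to serve a page until the client's country is confirmed, and fails closed when it cannot be. It assumes the PECL geoip extension is installed (whether it is on a given shared host is not confirmed here); the function names, the suggested file name and the allowlist are hypothetical.

```php
<?php
// Added example, not from the original post. Save as e.g. geo_gate.php
// (hypothetical name) and require it as the first line of index.php.

const ALLOWED_COUNTRIES = ['US', 'CA']; // constructed sample allowlist

/**
 * Decide whether a client may be served. $lookup maps an IP string to a
 * two-letter country code, or false when the address is not in the database.
 */
function geo_allows(string $ip, callable $lookup, array $allowed): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;                       // malformed address: fail closed
    }
    $country = $lookup($ip);
    if (!is_string($country) || $country === '') {
        return false;                       // unknown location: fail closed
    }
    return in_array(strtoupper($country), $allowed, true);
}

function geo_gate(): void
{
    // The PECL geoip extension may not be installed on a shared host.
    if (!function_exists('geoip_country_code_by_name')) {
        http_response_code(503);
        exit('GeoIP lookup unavailable');
    }
    // @ suppresses the notice the extension raises for unknown hosts.
    $lookup = static fn(string $ip) => @geoip_country_code_by_name($ip);
    // REMOTE_ADDR is the direct peer; behind a proxy or CDN it is the
    // proxy's address, not the visitor's.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (!geo_allows($ip, $lookup, ALLOWED_COUNTRIES)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Run only for web requests, so the file can also be loaded from the CLI.
if (PHP_SAPI !== 'cli') {
    geo_gate();
}
```

This gate only covers requests that PHP handles; files in subdirectories that Apache serves directly are not checked by it.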