Could we use the already present password protected directory in cPanel to create a new password automatically every e.g. 30 mins? The password would then be shown as a question and answer challenge in the WP page that holds the faucet. Anyone trying to access the faucet directly and bypassing WP would not be able to access the directory.
If it's possible to have a restriction on the number of tries before the IP is blocked, we could have maybe 20 different password on random rotation.
Problem with this is what would happen when the password changes to those users already in with the previous password?