Updated White list Specifc IPs for wp-admin / wp-login.php

Regarding: Where to white list wp-admin / wp-login to specifc ips

It works for blocking wp-admin, but nginx matches the

# Limit access to avoid brute force attack
location = /wp-login.php {
  limit_req zone=one burst=1 nodelay;
  include fastcgi_params;
  fastcgi_pass php;
}

From the include common/wpcommon.conf; directive for wp-login first.

How is the best way we can restrict /wp-admin/ AND wp-login.php to only specific IPs by site?

Seems we need an ee site secure that understands when we are WP and allows us to white list admin to specific IPs for specific sites?

In the meantime we can add our block to the common.conf, but that will be lost in updates. Is there a better EasyEngine way of Blocking WP admin to only specific IPs?