Today one of my legit users (nice guy, not tech savvy) forgot his WordPress password and tried the wrong one a bunch of times, only to find himself firewalled.
At first I thought it was my WP security plugin, but it said “No active blocks.” Took a long process of hunting, trial and error to realize he was blocked by all of DreamHost, not just his domain. But my control panel didn’t provide any record of active blocks, or indication that DH even does automatic blocking.
Finally filed a ticket and, after a few exchanges, discovered that DH uses mod_security to scan WP sites for brute force attempts and firewall them. I love that they do that, but with no logging or notification of any kind, it makes troubleshooting exceptionally hard - I’d call it “ghost busting.”
What should have been a simple 5-minute task turned into an hour of fruitless hunting. Very annoying.
Please provide a control panel interface to see (and possibly lift) active IP blocks, and/or to note the time at which they’ll lift themselves.