403 error from adding custom rule – require clean data

I am evaluating querywall and like its premise. However, am experiencing complete lockouts, including to admin, by the plugin with resulting 403 error.

Steps to reproduce problem:
1) Install querywall on WP 5.4.1 under cpanel
2) Activate
3) Add multiple rules to test to first rules panel that should not conflict with any actual operations nor have possibility of being triggered eg:
abracadabra\.php
pillowvirus\.php
(Note: the above two filenames do not exist in the file system)
4) Save
This results in immediately being locked out with a 403 error

The plugin must then be manually disabled.
Removing and reinstalling the plugin results immediately in the 403 error again.
I can confirm that removing the plugin does the following:
a) removes the files from plugin directory /wp-content/plugins/querywall/
b) removes the table cpaneldbprefix_qwall_monitor

I cannot see where the firewall settings data for querywall are stored. eg: doing a text search in files for “abracadabra” after adding it as a rule does not provide any hits, neither does searching the all of the tables in the database.

Would someone please advise where the rules are stored and how to ensure that all custom rules are being removed for querywall so a completely clean install can be performed?

And can anyone confirm that querywall is working ok under WordPress 5.4.1 with custom rules added?

Finally, is it possible with querywall to blacklist IP addresses that break the firewall rules for a period of time?

Thank you