• Resolved Tracy Rotton

    (@taupecat)


    Why was the ability to block certain admin accounts from attempting to log in
    (added in 1.7.18, removed in 1.8.13) removed from the plugin?

    While not a foolproof brute force protection device, it _was_ useful in reducing the number of failed login notices I received, and offered another layer of protection.

    (Incidentally, the “Block” button still shows up, even though you can’t block account names anymore: https://cloudup.com/cLgiYA3uZTK)

    Please don’t tell me it’s to encourage people to use Sucuri’s (paid) web application firewall service instead.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Why was the ability to block certain admin accounts […] removed from the plugin?

    The option was misleading.

    Many people complained to me last year about how the plugin was unable to block someone from accessing their website even though they blocked them using this option. The original idea was to reduce the number of “failed logins”, not to block the user, but people understood it differently.

    I didn’t have enough time to keep maintaining that part of the code, so I took the decision to remove it altogether, and my co-workers agreed with the change. This allowed me to focus more on implementing new and better features for the Sucuri Firewall.

    Incidentally, the “Block” button still shows up

    Thank you, I’ll remove the button in the next update.

    Please don’t tell me it’s to encourage people to use Sucuri’s (paid) web application firewall service instead.

    That wasn’t the intention, but now that you mention it, it does seem unnecessary to maintain two different code bases to offer the same feature. Even more when one of the implementations works several times better than the other one. For instance, Sucuri Firewall allows you to control —in a more granular way— when and how to block the malicious requests.

    The good thing is, the code is still available here [1]. And since the project is open-source, anyone can request the addition of the code back to the plugin, using this form [2]. However, I would prefer if the person makes the appropriate changes to remove the misleading parts from the interface.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/commit/59cb8f9
    [2] https://github.com/Sucuri/sucuri-wordpress-plugin/pulls

    Thread Starter Tracy Rotton

    (@taupecat)

    Thank you for the explanation.

    I think it was unfortunate that that functionality was removed, as (when used to its intention) it was a useful tool for preventing brute force attacks. And while I use the Sucuri WAF for some clients that warrant that kind of protection, it doesn’t make economic sense to use that on my “hobby” sites (which I still don’t want hacked, but also don’t want to pay for fancy bells and whistles for either).

    Perhaps someday I’ll fork that code into a separate plugin for my own use to restore that functionality. That’s not something I have any time for at the moment, however.

  • The topic ‘Blocking Failed Login Accounts’ is closed to new replies.