WordPress security plugins that hide the source of blocking
We often get reports from customers saying they’ve been blocked from their WordPress sites with a strange generic error message or blank page.
When we investigate, it’s common to find that it happened because they installed a security plugin that has made a mistake — a “false positive” — and blocked the site owner.
No software is perfect, but what makes these situations worse is when the plugin intentionally uses a generic error message (or blank page) instead of clearly identifying the source of the blocking. This makes it difficult to find the cause and wastes a great deal of everyone’s time. (We do lots of blocking ourselves to try to keep sites secure, but we always clearly identify the fact that we added the block on the resulting page.)
We’ve got a list of plugins that do this. We recommend avoiding these plugins; each of them has generated multiple complaints to us of site owners being locked out of their own sites and not knowing what’s happening. (We’ll gladly remove any plugin from that list if the authors make sure their error messages identify the source of blocking so people can easily identify the source of any problems.)