I currently have BruteProtect on approximately 30 WP installs.
Of those, a small number use SSL with Force SSL Admin and Force SSL Login.
I've noticed that the SSL sites continue to periodically show up (perhaps coincidentally?) in warning emails from my server, excessive resource use hammering the server. However, such activity has all but disappeared from my non-SSL instances, which I attribute to BP.
I've also noticed that on the SSL sites, the BP dashboard widget has never shown a "total blocked" number.
Maybe I'm imagining all this. But it's hard to tell what BP is actually doing. I know these SSL sites are being hit, but no number of blocked attempts is showing in the BP dashboard widget.
Also, it would be helpful to know how that widget is supposed to work. Is that number a TOTAL number of blocked attempts for all time on this particular site? Or does it reset at certain intervals?
Is there any more information I can give you?