The problem is to be on a shared server. As you say, we are at the mercy of the goodwill of the host.
Anyway, an ip that tries to find SQL files, Wordpress login, zip file, etc etc, it's a crap IP that squats my bandwidth, filled my log file, and that does not. has nothing to do here. An IP that generates hundreds of errors per minute is just an IP to ban.
Having a simple rule that can handle it at the back office is nothing foolish to ask.
Fail2ban would already be active if it was possible. It does not, so I'm looking for an alternative solution. If IPS does not wish to propose, I would find another solution. Nevertheless, I think that it would not be too much.