BBQ : Block Bad Queries

Description

Install, activate, and done!
Powerful protection from WP’s fastest firewall plugin.

Block Bad Queries (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong .htaccess firewall.

GDPR-compliant: does not collect any user data
Gutenberg-compliant: works perfectly with or without Gutenberg

Awesome Features

  • 100% Plug-n-play functionality
  • No configuration required (it just works)
  • Born of speed and simplicity, no frills
  • 100 % concentré sur la sécurité et la performance
  • Bloque une large gamme de requêtes malicieuses
  • Blocks directory traversal attacks
  • Bloque le téléchargement de fichiers exécutables
  • Bloque les attaques en injection SQL
  • Based on the 5G/6G Firewall
  • Scans all incoming traffic and blocks bad requests
  • Scans all types of requests: GET, POST, PUT, DELETE, etc.
  • Works silently behind the scenes to protect your site
  • Extension de sécurité simple à utiliser et sans prise de tête
  • Thoroughly tested, error-free performance
  • Compatible avec d’autres extensions de sécurité
  • Regularly updated and « future proof »
  • Customize blocked strings via Whitelist/Blacklist plugins

Version Pro

For advanced protection and awesome features, check out BBQ Pro.

Support development of this plugin

I develop and maintain this free plugin with love for the WordPress community. To show support, you can make a cash donation, bitcoin donation, or purchase one of my books:

And/or purchase one of my premium WordPress plugins:

Les liens, tweets et j’aime sont aussi les bienvenus. Merci ! 🙂

Installation

Installing BBQ

  1. Installez, activez et c’est terminé.

Once active, BBQ automically blocks bad queries to protect your site against malicious URL requests. For more control and stronger protection, check out BBQ Pro »

Plus d’infos sur l’installation d’extensions WordPress

Customizing

Note that the Pro version of BBQ makes it possible to customize patterns (add, edit, remove) directly via the plugin settings, with a click.

FAQ

Installation Instructions

Installing BBQ

  1. Installez, activez et c’est terminé.

Once active, BBQ automically blocks bad queries to protect your site against malicious URL requests. For more control and stronger protection, check out BBQ Pro »

Plus d’infos sur l’installation d’extensions WordPress

Customizing

Note that the Pro version of BBQ makes it possible to customize patterns (add, edit, remove) directly via the plugin settings, with a click.

Quelles autres extensions de sécurité recommandez-vous ?

I recently recorded a video tutorial series for Lynda.com on how to secure WordPress sites. That’s a good place to learn more about the best techniques and WP plugins for protecting your site against threats.

Ai-je besoin d’autre chose pour que BBQ fonctionne ?

Nope, just install and relax knowing that BBQ is protecting your site from bad URL requests.

I don’t see any Settings whatsoever? Where is the settings?

No settings needed for BBQ! Everything is done automatically behind the scenes. Zero configuration required. The free version of BBQ is strictly plug-n-play, set-it-and-forget-it, with no settings to configure whatsoever. Just install, activate, and enjoy better security and robust protection against malicious requests. The Pro version of BBQ is just as fast and simple to use, but is much more powerful and includes robust settings to customize and fine-tune your firewall.

La version gratuite de BBQ est-elle compatible avec Wordfence ? Cela a t-il du sens d’utiliser les deux ?

Yes BBQ free and BBQ Pro are both compatible with any plugin written according to the WP API. And yes, there is benefit to using BBQ with any other security plugin, including Wordfence. They protect against different threats, so using both means you are extra secure.

BBQ modifie t-il mon fichier .htaccess ?

Absolument pas. Contrairement à d’autres extensions de sécurité, ni BBQ (version gratuite), ni BBQ Pro ne modifient le fichier .htaccess.

BBQ apporte t-il des modifications à ma base de données WP ?

Non, la version gratuite de BBQ agit au chargement de chaque page. Elle ne procède à aucun changement de la base de données WP.

Does BBQ block malicious strings included in arrays?

Yes, BBQ scans any arrays that are included in the URI request. If any matching patterns are found, the request is blocked.

Ai-je besoin de WordPress pour exécuter BBQ ?

Nope! BBQ is available in the following flavors:

So you can check out the Standalone PHP Script for sites that are not running WordPress.

Do you offer any other security plugins?

Yes, check out Blackhole for Bad Bots to protect your site against bad bots. I also have a video course on WordPress security, for more plugin recommendations and lots of tips and tricks.

Got a question?

Send any questions or feedback via my contact form.

Avis

Nice plugin with awesome support

This free BBQ firewall plugin works nicely in the background, providing protection from threats. But the best part is the truly exceptional author support, who went out of his way to promptly resolve the conflict issue I was facing with BackWPup plugin. Certainly deserves 5* for the support alone on this free plugin. Keep up the great work!

As a minor suggestion, I do suggest incorporating this conflict resolution with BackWPup plugin in the future updates of BBQ firewall directly if possible through adjustments in settings/code, so that it can work out of the box for everyone who is using both these plugins. But nevertheless, the author is a great guy, and provides awesome support!

Cheers,

Best lightweight Plugin to block bad requests

There are so many plugins available in the market today, even tough to find, which one is good or bad.

After trying some, I’m using this one for almost two years on my Website-https://www.easebedding.com/
And now I’m using for my these websites too:-

1-1-https://www.topbestspot.com/
2-https://bloggingcreation.com/
3-https://luxuryhomedecorforcheap.com/

And will continue to use it right now as a free and may be I’ll Update to Pro later after some time.

Thanks for this Plugin.

Thank you Jeff

Great plugin that I have used in the past. I now use Jeff’s even better 6G htaccess firewall.

Lire les 67 avis

Contributeurs & développeurs

« BBQ : Block Bad Queries » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.

Contributeurs

“BBQ : Block Bad Queries” a été traduit dans 3 locales. Remerciez l’équipe de traduction pour ses contributions.

Traduisez « BBQ : Block Bad Queries » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Journal

2018/05/11

  • Adds xrumer to blocked query strings and request URIs
  • Adds indoxploi to blocked query strings and request URIs
  • Generates new translation template
  • Tests on WordPress 5.0

2017/11/01

  • Updates readme.txt 🙂
  • Tests on WordPress 4.9

2017/10/19

  • Changes \/\.tar to \.tar in Request patterns
  • Changes \/\.bash to \.bash in Request patterns
  • Adds new User Agent patterns: shellshock, md5sum, \/bin\/bash
  • Adds new Request patterns: @@, @eval, \/file\:, \/php\:, \.cmd, \.bat, \.htacc, \.htpas, \.pass, usr\/bin\/perl, var\/lib\/php, wp-config\.php
  • Adds new Query String patterns: @@, \(0x, 0x3c62723e, \(\)\}, \:\;\}\;, \;\!--\=, @eval, eval\(, base64_, UNION(.*)SELECT, \/config\., \/wwwroot, \/makefile, \$_session, \$_request, \$_env, \$_server, \$_post, \$_get, phpinfo\(, shell_exec\(, file_get_contents, allow_url_include, disable_functions, auto_prepend_file, open_basedir, (benchmark|sleep)(\s|%20)*\(
  • Tests on WordPress 4.9

2017/07/30

  • Changed menu item name to « BBQ Firewall »
  • Tests on WordPress 4.9 (alpha)

2017/03/22

  • Adds plugin settings page
  • Adds French translation (thanks to Bouzin)
  • Generates new default translation template
  • Tests on WordPress version 4.8

2016/11/14

  • Replaces esc_html with esc_attr for link title attributes
  • Changes stable tag from trunk to latest version
  • Adds » to rate this plugin link
  • Updates URL for rate this plugin link
  • Moves « Go Pro » link to action links
  • Renames action/meta link functions
  • Updates default translation template
  • Tests sur WordPress version 4.7 (bêta)

2016/08/10

  • Added translation support
  • Added plugin icons and larger banner
  • General fine-tuning and testing
  • Tested on WordPress 4.6

2016/03/28

  • Removed \:\/\/ from Request URI and Query String patterns (see this thread)
  • Added (benchmark|sleep)(\s|%20)*\( to Request URI patterns (thanks to smitka)
  • Testé sur WordPress 3.5 bêta

2015/11/07

  • Added \.php\([0-9]+\), __hdhdhd.php to URI patterns (Thanks to George Lerner)
  • Added acapbot, semalt to User Agent patterns (Thanks to George Lerner)
  • Replaced UNION.*SELECT with UNION(.*)SELECT in Request URI patterns
  • Added morfeus, snoopy to User Agent patterns
  • Refactored redirect/exit functionality
  • Renamed rate_bbq() to bbq_links()
  • Testé avec WordPress 4.4 bêta

2015/08/08

  • Tested on WordPress 4.3
  • Updated minimum version requirement
  • Highlighted Pro link on Plugins screen

2015/06/24

  • Replaced UNION\+SELECT with UNION.*SELECT
  • Added wp-config.php to query-string patterns
  • Added plugin link to BBQ Pro
  • Testing on WP 4.3 (alpha)

2015/05/07

  • Tested with WP 4.2 and 4.3 (alpha)
  • Replaced some http with https in readme.txt

2015/03/14

  • introduit bbq_core()
  • tested on latest WP
  • tightened up code

2014/09/22

  • testé sur la dernière version de WordPress (4.0)
  • retested on Multisite
  • increased minimum version requirement to WP 3.7

2014/03/05

  • Bugfix: added conditional checks for empty variables

2014/01/23

  • testé sur la dernière version de WordPress (3.8)
  • ajouté lien pour noter l’extension

2013/11/03

  • retiré ?> du script
  • ajouté ligne optionnelle pour bloquer les URL longues
  • added line to prevent direct access to BBQ script
  • added \;Nt\., \=Nt\., \,Nt\. to request URI items
  • testé sur la dernière version de WordPress (3.7)

2013/07/07

  • replaced Nt\. with \/Nt\. (resolves comment editing/approval issue)

2013/07/05

  • removed https\: (from previous version)
  • replaced \/https\/ with \/https\:
  • replaced \/http\/ with \/http\:
  • replaced \/ftp\/ with \/ftp\:

2013/07/04

  • removed block for jakarta in user-agents
  • removed union from query strings
  • added to request-URI: \%2Flocalhost, Nt\., https\:, \.exec\(, \)\.html\(, \{x\.html\(, \(function\(
  • resolved PHP Notice « Undefined Index » via isset()

2013/01/03

  • removed block for CONCAT in request-URI
  • removed block for environ in query-string
  • removed block for %3C and %3E in query-string
  • removed block for %22 and %27 in query-string
  • removed block for [ and ] in query-string (to allow unsafe characters used in WordPress)
  • removed block for ? in query-string (to allow unsafe character used in WordPress)
  • removed block for : in query-string (to allow unsafe character used by Google)
  • removed block for libwww in user-agents (to allow access to Lynx browser)

2012/11/08

  • Removed : match from query string (Google disregards encoding)
  • Removed scanner from query string from query string match
  • Streamlined source code for better performance (thanks to juliobox)

Older versions

  • 2012/10/27 – Disabled check for long strings, disabled check for scanner
  • 2012/10/26 – Rebuilt plugin using 5G/6G technology
  • 2011/02/21 – Updated readme.txt file
  • 2009/12/30 – Added check for admin users
  • 2009/12/30 – Additional request strings added