BBQ: Block Bad Queries
Install, activate, and done!
Powerful protection from WP’s fastest firewall plugin.
Block Bad Queries (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like
base64_, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong .htaccess firewall.
100% Plug-n-play functionality
No configuration required (it just works)
Born of speed and simplicity, no frills
100% focused on security and performance
Blocks a wide range of malicious requests
Blocks directory traversal attacks
Blocks executable file uploads
Blocks SQL injection attacks
Based on the 5G/6G Firewall
Scans all incoming traffic and blocks bad requests
Scans all types of requests: GET, POST, PUT, DELETE, etc.
Works silently behind the scenes to protect your site
Hassle-free security plugin that’s easy to use
Thoroughly tested, error-free performance
Compatible with other security plugins
Regularly updated and “future proof”
Customize blocked strings via Whitelist/Blacklist plugins
This plugin does not collect any user data. So it does not do anything to make your site less compliant with GDPR. I have done my best to ensure that this plugin is 100% GDPR compliant, but I’m not a lawyer so can’t guarantee anything. To determine if your site is GDPR compliant, please consult an attorney.
Works perfectly with or without Gutenberg Block Editor
For advanced protection and awesome features, check out BBQ Pro.
Support development of this plugin
I develop and maintain this free plugin with love for the WordPress community. To show support, you can make a donation or purchase one of my books:
And/or purchase one of my premium WordPress plugins:
Links, tweets and likes also appreciated. Thank you! 🙂
Install, activate, done.
Once active, BBQ automically blocks bad queries to protect your site against malicious URL requests. For more control and stronger protection, check out BBQ Pro »
Note that the Pro version of BBQ makes it possible to customize patterns (add, edit, remove) directly via the plugin settings, with a click.
Like the plugin?
If you like BBQ, please take a moment to give a 5-star rating. It helps to keep development and support going strong. Thank you!
What other security plugins do you recommend?
I recently recorded a video tutorial series for Lynda.com on how to secure WordPress sites. That’s a good place to learn more about the best techniques and WP plugins for protecting your site against threats.
Do I need to do anything else for BBQ to work?
Nope, just install and relax knowing that BBQ is protecting your site from bad URL requests.
I don’t see any Settings whatsoever? Where is the settings?
No settings needed for BBQ! Everything is done automatically behind the scenes. Zero configuration required. The free version of BBQ is strictly plug-n-play, set-it-and-forget-it, with no settings to configure whatsoever. Just install, activate, and enjoy better security and robust protection against malicious requests. The Pro version of BBQ is just as fast and simple to use, but is much more powerful and includes robust settings to customize and fine-tune your firewall.
Is BBQ free version compatible with Wordfence? Does it makes sense to use both?
Yes BBQ free and BBQ Pro are both compatible with any plugin written according to the WP API. And yes, there is benefit to using BBQ with any other security plugin, including Wordfence. They protect against different threats, so using both means you are extra secure.
Does BBQ make changes to my .htaccess file?
Absolutely not. Unlike other security/firewall plugins, neither BBQ (free version) nor BBQ Pro make any changes to any .htaccess file.
Does BBQ make any changes to my WP database?
No, the free version of BBQ operates as each page is loaded; it does not make any changes whatsoever to the WP database.
Does BBQ block malicious strings included in arrays?
Yes, BBQ scans any arrays that are included in the URI request. If any matching patterns are found, the request is blocked.
My PHP scanner/checker plugin says there is an error?
For example, if your PHP/plugin scanner reports something like, “found
0x3c62723e which is bad.” Normally you would not want to find such bad strings of code, but there is an exception for security plugins. Think about it: in order to block some nasty string, BBQ must know about it. So each bad string that is blocked by BBQ is included in the plugin “blacklist”. That means, when some PHP scanner looks at BBQ and finds some known bad strings, it just means that the scanner has discovered BBQ’s list of blocked terms. In other words, BBQ contains static strings of non-functional text, in order to match and block malicious requests to your site. I hope this makes sense, feel free to contact me if I may provide any further infos.
Do I need WordPress to run BBQ?
Nope! BBQ is available in the following flavors:
So you can check out the Standalone PHP Script for sites that are not running WordPress.
Do you offer any other security plugins?
Got a question?
Send any questions or feedback via my contact form.