WordPress.org

Ready to get started?Download WordPress

Plugin Directory

BBQ: Block Bad Queries

Block Bad Queries (BBQ) helps protect WordPress against malicious URL requests.

2014/03/05

  • Bugfix: added conditional checks for empty variables

2014/01/23

  • tested on latest version of WordPress (3.8)
  • added link to rate plugin

2013/11/03

  • removed "?>" from script
  • added optional line for blocking long URLs
  • added line to prevent direct access to BBQ script
  • added "\;Nt.", "\=Nt.", "\,Nt." to request URI items
  • tested on latest version of WordPress (3.7)

2013/07/07

  • replaced "Nt." with "\/Nt." (resolves comment editing/approval issue)

2013/07/05

  • removed "https:" (from previous version)
  • replaced "\/https\/" with "\/https:"
  • replaced "\/http\/" with "\/http:"
  • replaced "\/ftp\/" with "\/ftp:"

2013/07/04

  • removed block for "jakarta" in user-agents
  • removed "union" from query strings
  • added to request-URI: "\%2Flocalhost", "Nt.", "https:", ".exec(", ").html(", "{x.html(", "(function("
  • resolved PHP Notice "Undefined Index" via isset()

2013/01/03

  • removed block for CONCAT in request-URI
  • removed block for "environ" in query-string
  • removed block for "%3C" and "%3E" in query-string
  • removed block for "%22" and "%27" in query-string
  • removed block for "[" and "]" in query-string (to allow unsafe characters used in WordPress)
  • removed block for "?" in query-string (to allow unsafe character used in WordPress)
  • removed block for ":" in query-string (to allow unsafe character used by Google)
  • removed block for "libwww" in user-agents (to allow access to Lynx browser)

2012/11/08

  • Removed ":" match from query string (Google disregards encoding)
  • Removed "scanner" from query string from query string match
  • Streamlined source code for better performance (thanks to juliobox)

Older versions

  • 2012/10/27 - Disabled check for long strings, disabled check for scanner
  • 2012/10/26 - Rebuilt plugin using 5G/6G technology
  • 2011/02/21 - Updated readme.txt file
  • 2009/12/30 - Added check for admin users
  • 2009/12/30 - Additional request strings added

Requires: 3.0 or higher
Compatible up to: 3.8.3
Last Updated: 2014-3-5
Downloads: 150,027

Ratings

4 stars
5 out of 5 stars

Support

1 of 3 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

1 person says it works.
1 person says it's broken.

100,7,7
100,2,2
80,5,4
100,1,1
100,1,1
100,1,1
100,1,1
100,2,2
100,1,1
100,3,3
100,1,1
100,1,1 100,1,1 88,8,7
100,1,1 100,1,1
100,2,2 100,1,1
100,1,1 100,1,1
100,1,1 100,3,3
100,1,1
100,2,2 100,4,4
50,2,1