Forums

WordPress › Support » Plugins and Hacks

BBQ: Block Bad Queries
[resolved] Working with Ultimate Security Plugin (5 posts)

  1. alternateroute
    Member
    Posted 5 months ago #

    I have the Ultimate Security Plugin loaded and one of the suggestions was a way of stopping malicious URL attacks.
    It gave code to load as a plugin, which was the 1.0 version of Block Bad Queries. Even after loading the plugin, Ultimate Security Checker still said the site was subject to malicious URL attacks.
    Now that BBQ has been updated, the code I had put in for the plugin triggers an update message.
    I updated to the new version of BBQ and Ultimate Security Checker still says the site is vulnerable.
    Jeff, have you had any contact with the author of Ultimate Security Checker to make sure your plugins play together nicely?
    Is it just a fault in the Ultimate Security plugin, or could there be a situation (clashes with other plugins or themes) where your plugin might not be working.
    BTW, the demo of your htaccess good looks good. Might give myself an early Xmas present.

    http://wordpress.org/extend/plugins/block-bad-queries/

  2. Jeff Starr
    Member
    Plugin Author
    Posted 5 months ago #

    Hi alternateroute,

    The notice you are seeing happens because the security-checker plugin scans for instances of code that are frequently associated with malicious attacks. And because BBQ specifically protects your site against such code, the security checker plugin scans and recognizes the code, then alerting you of its presence. Imagine something like this:

    BBQ plugin says: "evil code 123 is blocked from this site."

    So the security scanner lets you know: "Look, we found an instance of 'evil code 123'."

    From there, the security checker plugin should simply report the code, not assume that it's malicious. There are many plugins that I've seen that are reported as dangerous even though the code is used in a completely safe manner, as is the case with BBQ :)

  3. Julio Potier
    Member
    Plugin Contributor
    Posted 5 months ago #

    Also, Ultimate Security Checker can not detect others security plugins.
    Other example i've encounter: Better WP Security told me "You are not blocking too long URLs", FALSE i've got BBQ ! But how can BWPS can guess that BBQ do this job ? He just can not.
    my 2 cents

  4. alternateroute
    Member
    Posted 5 months ago #

    Thanks Jeff, that makes sense, however since the makers of the Ultimate Security Plugin specifically recommend your code, you would think that that would have some way of detecting it.
    Thanks for the quick replies from both of you.

  5. fwchapman
    Member
    Posted 4 months ago #

    Hello everyone,

    I looked into this and determined that it's a problem with Ultimate Security Checker, not Block Bad Queries. I wrote up my analysis and suggested a work-around here:

    http://wordpress.org/support/topic/base64-fix-for-compatibility-with-new-block-bad-queries-plugin

    Best wishes,

    Fred

Reply

You must log in to post.

About this Plugin

About this Topic

Tags