WordPress.org

Plugin Directory

BBQ: Block Bad Queries

Block Bad Queries (BBQ) helps protect WordPress against malicious URL requests.

2015/03/14

  • introduce bbq_core()
  • tested on latest WP
  • tightened up code

2014/09/22

  • tested on latest version of WordPress (4.0)
  • retested on Multisite
  • increased minimum version requirement to WP 3.7

2014/03/05

  • Bugfix: added conditional checks for empty variables

2014/01/23

  • tested on latest version of WordPress (3.8)
  • added link to rate plugin

2013/11/03

  • removed "?>" from script
  • added optional line for blocking long URLs
  • added line to prevent direct access to BBQ script
  • added "\;Nt.", "\=Nt.", "\,Nt." to request URI items
  • tested on latest version of WordPress (3.7)

2013/07/07

  • replaced "Nt." with "\/Nt." (resolves comment editing/approval issue)

2013/07/05

  • removed "https:" (from previous version)
  • replaced "\/https\/" with "\/https:"
  • replaced "\/http\/" with "\/http:"
  • replaced "\/ftp\/" with "\/ftp:"

2013/07/04

  • removed block for "jakarta" in user-agents
  • removed "union" from query strings
  • added to request-URI: "\%2Flocalhost", "Nt.", "https:", ".exec(", ").html(", "{x.html(", "(function("
  • resolved PHP Notice "Undefined Index" via isset()

2013/01/03

  • removed block for CONCAT in request-URI
  • removed block for "environ" in query-string
  • removed block for "%3C" and "%3E" in query-string
  • removed block for "%22" and "%27" in query-string
  • removed block for "[" and "]" in query-string (to allow unsafe characters used in WordPress)
  • removed block for "?" in query-string (to allow unsafe character used in WordPress)
  • removed block for ":" in query-string (to allow unsafe character used by Google)
  • removed block for "libwww" in user-agents (to allow access to Lynx browser)

2012/11/08

  • Removed ":" match from query string (Google disregards encoding)
  • Removed "scanner" from query string match
  • Streamlined source code for better performance (thanks to juliobox)

Older versions

  • 2012/10/27 - Disabled check for long strings, disabled check for scanner
  • 2012/10/26 - Rebuilt plugin using 5G/6G technology
  • 2011/02/21 - Updated readme.txt file
  • 2009/12/30 - Added check for admin users
  • 2009/12/30 - Additional request strings added

Requires: 3.8 or higher
Compatible up to: 4.1.1
Last Updated: 2015-3-14
Active Installs: 50,000+

Ratings

5 out of 5 stars

Support

1 of 1 support threads in the last two months have been resolved.

Compatibility

4 people say it works.
0 people say it's broken.
