BBQ: Block Bad Queries
[resolved] Working with Ultimate Security Plugin (5 posts)

  1. alternateroute
    Posted 3 years ago #

    I have the Ultimate Security Plugin loaded and one of the suggestions was a way of stopping malicious URL attacks.
    It gave code to load as a plugin, which was the 1.0 version of Block Bad Queries. Even after loading the plugin, Ultimate Security Checker still said the site was subject to malicious URL attacks.
    Now that BBQ has been updated, the code I had put in for the plugin triggers an update message.
    I updated to the new version of BBQ and Ultimate Security Checker still says the site is vulnerable.
    Jeff, have you had any contact with the author of Ultimate Security Checker to make sure your plugins play together nicely?
    Is it just a fault in the Ultimate Security plugin, or could there be a situation (clashes with other plugins or themes) where your plugin might not be working.
    BTW, the demo of your htaccess good looks good. Might give myself an early Xmas present.


  2. Jeff Starr
    Plugin Author

    Posted 3 years ago #

    Hi alternateroute,

    The notice you are seeing happens because the security-checker plugin scans for instances of code that are frequently associated with malicious attacks. And because BBQ specifically protects your site against such code, the security checker plugin scans and recognizes the code, then alerting you of its presence. Imagine something like this:

    BBQ plugin says: "evil code 123 is blocked from this site."

    So the security scanner lets you know: "Look, we found an instance of 'evil code 123'."

    From there, the security checker plugin should simply report the code, not assume that it's malicious. There are many plugins that I've seen that are reported as dangerous even though the code is used in a completely safe manner, as is the case with BBQ :)

  3. Julio Potier
    Plugin Contributor

    Posted 3 years ago #

    Also, Ultimate Security Checker can not detect others security plugins.
    Other example i've encounter: Better WP Security told me "You are not blocking too long URLs", FALSE i've got BBQ ! But how can BWPS can guess that BBQ do this job ? He just can not.
    my 2 cents

  4. alternateroute
    Posted 3 years ago #

    Thanks Jeff, that makes sense, however since the makers of the Ultimate Security Plugin specifically recommend your code, you would think that that would have some way of detecting it.
    Thanks for the quick replies from both of you.

  5. fwchapman
    Posted 3 years ago #

    Hello everyone,

    I looked into this and determined that it's a problem with Ultimate Security Checker, not Block Bad Queries. I wrote up my analysis and suggested a work-around here:


    Best wishes,


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • BBQ: Block Bad Queries
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic