Support » Plugin: BBQ: Block Bad Queries » Working with Ultimate Security Plugin

  • Resolved alternateroute


    I have the Ultimate Security Plugin loaded and one of the suggestions was a way of stopping malicious URL attacks.
    It gave code to load as a plugin, which was the 1.0 version of Block Bad Queries. Even after loading the plugin, Ultimate Security Checker still said the site was subject to malicious URL attacks.
    Now that BBQ has been updated, the code I had put in for the plugin triggers an update message.
    I updated to the new version of BBQ and Ultimate Security Checker still says the site is vulnerable.
    Jeff, have you had any contact with the author of Ultimate Security Checker to make sure your plugins play together nicely?
    Is it just a fault in the Ultimate Security plugin, or could there be a situation (clashes with other plugins or themes) where your plugin might not be working.
    BTW, the demo of your htaccess good looks good. Might give myself an early Xmas present.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jeff Starr


    Hi alternateroute,

    The notice you are seeing happens because the security-checker plugin scans for instances of code that are frequently associated with malicious attacks. And because BBQ specifically protects your site against such code, the security checker plugin scans and recognizes the code, then alerting you of its presence. Imagine something like this:

    BBQ plugin says: “evil code 123 is blocked from this site.”

    So the security scanner lets you know: “Look, we found an instance of ‘evil code 123’.”

    From there, the security checker plugin should simply report the code, not assume that it’s malicious. There are many plugins that I’ve seen that are reported as dangerous even though the code is used in a completely safe manner, as is the case with BBQ 🙂

    Plugin Contributor Julio Potier


    Also, Ultimate Security Checker can not detect others security plugins.
    Other example i’ve encounter: Better WP Security told me “You are not blocking too long URLs”, FALSE i’ve got BBQ ! But how can BWPS can guess that BBQ do this job ? He just can not.
    my 2 cents

    Thanks Jeff, that makes sense, however since the makers of the Ultimate Security Plugin specifically recommend your code, you would think that that would have some way of detecting it.
    Thanks for the quick replies from both of you.

    Hello everyone,

    I looked into this and determined that it’s a problem with Ultimate Security Checker, not Block Bad Queries. I wrote up my analysis and suggested a work-around here:

    Best wishes,


Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Working with Ultimate Security Plugin’ is closed to new replies.