Plugin / BBQ: Block Bad Queries
Jeff StarrChangelog
Changelog
If you like BBQ, please take a moment to give a 5-star rating. It helps to keep development and support going strong. Thank you!
2019/11/09
- Changes to
plugins_url()
forBBQ_URL
constant - Tests on WordPress 5.3
2019/09/02
- Updates some links to https
- Tests on WordPress 5.3 (alpha)
2019/05/01
- Bumps minimum PHP version to 5.6.20
- Adds activation check if BBQ Pro is active
- Updates default translation template
- Tests on WordPress 5.2
2019/03/11
- Improves function
bbq_action_links()
- Refines plugin settings screen UI
- Generates new default translation template
- Tests on WordPress 5.1 and 5.2 (alpha)
2019/02/20
- Tests on WordPress 5.1
2018/11/17
- Adds homepage link to Plugins screen
- Updates default translation template
- Tests on WordPress 5.0
2018/08/21
- Removes
.tar
from Request URI patterns - Adds
rel="noopener noreferrer"
to all blank-target links - Updates GDPR blurb and donate link
- Regenerates default translation template
- Further tests on WP 4.9 and 5.0 (alpha)
2018/05/11
- Adds
xrumer
to blocked query strings and request URIs - Adds
indoxploi
to blocked query strings and request URIs - Generates new translation template
- Tests on WordPress 5.0
2017/11/01
- Updates readme.txt 🙂
- Tests on WordPress 4.9
2017/10/19
- Changes
\/\.tar
to\.tar
in Request patterns - Changes
\/\.bash
to\.bash
in Request patterns - Adds new User Agent patterns:
shellshock
,md5sum
,\/bin\/bash
- Adds new Request patterns:
@@
,@eval
,\/file\:
,\/php\:
,\.cmd
,\.bat
,\.htacc
,\.htpas
,\.pass
,usr\/bin\/perl
,var\/lib\/php
,wp-config\.php
- Adds new Query String patterns:
@@
,\(0x
,0x3c62723e
,\(\)\}
,\:\;\}\;
,\;\!--\=
,@eval
,eval\(
,base64_
,UNION(.*)SELECT
,\/config\.
,\/wwwroot
,\/makefile
,\$_session
,\$_request
,\$_env
,\$_server
,\$_post
,\$_get
,phpinfo\(
,shell_exec\(
,file_get_contents
,allow_url_include
,disable_functions
,auto_prepend_file
,open_basedir
,(benchmark|sleep)(\s|%20)*\(
- Tests on WordPress 4.9
2017/07/30
- Changed menu item name to “BBQ Firewall”
- Tests on WordPress 4.9 (alpha)
2017/03/22
- Adds plugin settings page
- Adds French translation (thanks to Bouzin)
- Generates new default translation template
- Tests on WordPress version 4.8
2016/11/14
- Replaces
esc_html
withesc_attr
for link title attributes - Changes stable tag from trunk to latest version
- Adds
»
to rate this plugin link - Updates URL for rate this plugin link
- Moves “Go Pro” link to action links
- Renames action/meta link functions
- Updates default translation template
- Tests on WordPress version 4.7 (beta)
2016/08/10
- Added translation support
- Added plugin icons and larger banner
- General fine-tuning and testing
- Tested on WordPress 4.6
2016/03/28
- Removed
\:\/\/
from Request URI and Query String patterns (see this thread) - Added
(benchmark|sleep)(\s|%20)*\(
to Request URI patterns (thanks to smitka) - Tested on WordPress 3.5 beta
2015/11/07
- Added
\.php\([0-9]+\)
,__hdhdhd.php
to URI patterns (Thanks to George Lerner) - Added
acapbot
,semalt
to User Agent patterns (Thanks to George Lerner) - Replaced
UNION.*SELECT
withUNION(.*)SELECT
in Request URI patterns - Added
morfeus
,snoopy
to User Agent patterns - Refactored redirect/exit functionality
- Renamed
rate_bbq()
tobbq_links()
- Tested with WordPress 4.4 beta
2015/08/08
- Tested on WordPress 4.3
- Updated minimum version requirement
- Highlighted Pro link on Plugins screen
2015/06/24
- Replaced
UNION\+SELECT
withUNION.*SELECT
- Added
wp-config.php
to query-string patterns - Added plugin link to BBQ Pro
- Testing on WP 4.3 (alpha)
2015/05/07
- Tested with WP 4.2 and 4.3 (alpha)
- Replaced some
http
withhttps
in readme.txt
2015/03/14
- introduce
bbq_core()
- tested on latest WP
- tightened up code
2014/09/22
- tested on latest version of WordPress (4.0)
- retested on Multisite
- increased minimum version requirement to WP 3.7
2014/03/05
- Bugfix: added conditional checks for empty variables
2014/01/23
- tested on latest version of WordPress (3.8)
- added link to rate plugin
2013/11/03
- removed
?>
from script - added optional line for blocking long URLs
- added line to prevent direct access to BBQ script
- added
\;Nt\.
,\=Nt\.
,\,Nt\.
to request URI items - tested on latest version of WordPress (3.7)
2013/07/07
- replaced
Nt\.
with\/Nt\.
(resolves comment editing/approval issue)
2013/07/05
- removed
https\:
(from previous version) - replaced
\/https\/
with\/https\:
- replaced
\/http\/
with\/http\:
- replaced
\/ftp\/
with\/ftp\:
2013/07/04
- removed block for
jakarta
in user-agents - removed
union
from query strings - added to request-URI:
\%2Flocalhost
,Nt\.
,https\:
,\.exec\(
,\)\.html\(
,\{x\.html\(
,\(function\(
- resolved PHP Notice “Undefined Index” via
isset()
2013/01/03
- removed block for
CONCAT
in request-URI - removed block for
environ
in query-string - removed block for
%3C
and%3E
in query-string - removed block for
%22
and%27
in query-string - removed block for
[
and]
in query-string (to allow unsafe characters used in WordPress) - removed block for
?
in query-string (to allow unsafe character used in WordPress) - removed block for
:
in query-string (to allow unsafe character used by Google) - removed block for
libwww
in user-agents (to allow access to Lynx browser)
2012/11/08
- Removed
:
match from query string (Google disregards encoding) - Removed
scanner
from query string from query string match - Streamlined source code for better performance (thanks to juliobox)
Older versions
- 2012/10/27 – Disabled check for long strings, disabled check for scanner
- 2012/10/26 – Rebuilt plugin using 5G/6G technology
- 2011/02/21 – Updated readme.txt file
- 2009/12/30 – Added check for admin users
- 2009/12/30 – Additional request strings added
Ratings
Rating breakdown
Details Information
Version
First Released
Total Downloads
Wordpress Version
Tested up to:
Require PHP Version:
Tags
Contributors
Languages
DIRECTORY DISCLAIMER
The information provided in this THEME/PLUGIN DIRECTORY is made available for information purposes only, and intended to serve as a resource to enable visitors to select a relevant theme or plugin. wpSocket gives no warranty of any kind, express or implied with regard to the information, including without limitation any warranty that the particular theme or plugin that you select is qualified on your situation.
The information in the individual theme or plugin displayed in the Directory is provided by the owners and contributors themselves. wpSocket gives no warranty as to the accuracy of the information and will not be liable to you for any loss or damage suffered by you as a consequence of your reliance on the information.
Links to respective sites are offered to assist in accessing additional information. The links may be outdated or broken. Connect to outside sites at your own risk. The Theme/Plugin Directory does not endorse the content or accuracy of any listing or external website.
While information is made available, no guarantee is given that the details provided are correct, complete or up-to-date.
wpSocket is not related to the theme or plugin, and also not responsible and expressly disclaims all liability for, damages of any kind, arising out of the use, reference to, or reliance on, any information or business listed throughout our site.