BBQ: Block Bad Queries - Version 20201116

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.

Note: uninstalling/deleting the plugin via the WP Plugins screen results in the removal of all settings and email data from the WP database.


Release Info

Developer specialk
Version 20201116

Code changes from version 20200811 to 20201116

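--- a/assets/admin-styles.css
+++ b/assets/admin-styles.css
@@ -1,4 +1,4 @@
- /* Block Bad Queries - Admin CSS */
+ /* BBQ - Admin CSS */
 
  .wp-admin h1 {
  margin: 0 0 8px 0; padding: 8px 0 8px 55px; text-shadow: 1px 1px 1px rgba(255,255,255,0.5);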
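--- a/bbq-settings.php
+++ b/bbq-settings.php
@@ -1,4 +1,4 @@
- <?php // Block Bad Queries - Settings
+ <?php // BBQ - Settings
 
  if (!defined('ABSPATH')) exit;
 
@@ -70,7 +70,7 @@ function bbq_validate_options($input) {
  function bbq_settings_section_general() {
 
  echo '<p>'. esc_html__('Thanks for using the free version of ', 'block-bad-queries');
- echo '<a target="_blank" rel="noopener noreferrer" href="https://wordpress.org/plugins/block-bad-queries/">'. esc_html__('Block Bad Queries (BBQ)', 'block-bad-queries') .'</a>.</p>';
+ echo '<a target="_blank" rel="noopener noreferrer" href="https://wordpress.org/plugins/block-bad-queries/">'. esc_html__('BBQ Firewall', 'block-bad-queries') .'</a>.</p>';
  echo '<p>'. esc_html__('The free version is completely plug-&amp;-play, protecting your site automatically with no settings required.', 'block-bad-queries') .'</p>';
 
  }
@@ -175,7 +175,7 @@ add_action('admin_menu', 'bbq_menu_page');
  function bbq_display_settings() { ?>
 
  <div class="wrap">
- <h1><?php esc_html_e('Block Bad Queries', 'block-bad-queries'); ?></h1>
+ <h1><?php esc_html_e('BBQ Firewall', 'block-bad-queries'); ?></h1>
  <form method="post" action="options.php">
  <?php
  settings_fields('bbq_options_free');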
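--- a/block-bad-queries.php
+++ b/block-bad-queries.php
@@ -1,18 +1,17 @@
  <?php
  /*
- Plugin Name: Block Bad Queries (BBQ)
+ Plugin Name: BBQ Firewall
  Plugin URI: https://perishablepress.com/block-bad-queries/
- Description: BBQ is a super fast firewall that automatically protects WordPress against malicious URL requests.
- Tags: firewall, security, protect, malicious, hack, blacklist, lockdown, eval, http, query, request, secure, spam, whitelist
- Usage: No configuration necessary. Upload, activate and done. BBQ blocks bad queries automically to protect your site against malicious URL requests. For advanced protection check out BBQ Pro.
+ Description: BBQ is a super fast firewall that automatically protects WordPress against a wide range of threats.
+ Tags: firewall, secure, security, malware, web application firewall, waf
  Author: Jeff Starr
  Author URI: https://plugin-planet.com/
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
  Donate link: https://monzillamedia.com/donate.html
  Requires at least: 4.1
- Tested up to: 5.5
- Stable tag: 20200811
- Version: 20200811
+ Tested up to: 5.6
+ Stable tag: 20201116
+ Version: 20201116
  Requires PHP: 5.6.20
  Text Domain: block-bad-queries
  Domain Path: /languages
@@ -27,7 +26,7 @@
 
  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  GNU General Public License for more details.
 
  You should have received a copy of the GNU General Public License
@@ -38,37 +37,51 @@
 
  if (!defined('ABSPATH')) die();
 
- if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20200811');
+ if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20201116');
  if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
  if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
  if (!defined('BBQ_URL')) define('BBQ_URL', plugins_url('/block-bad-queries/'));
 
  function bbq_core() {
 
- $request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', 'indoxploi', 'xrumer', 'guangxiymcd'));
- $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get', 'indoxploi', 'xrumer', '^www\.(.*)\.cn$'));
- $user_agent_array = apply_filters('user_agent_items', array('acapbot', '\/bin\/bash', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'md5sum', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'shellshock', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
+ $request_uri_array = apply_filters('request_uri_items', array('\s', '<', '>', '\^', '`', '@@', '\?\?', '\/&&', '\\', '\/=', '\/:\/', '\/\/\/', '\.\.\.', '\/\*(.*)\*\/', '\+\+\+', '\{0\}', '0x00', '%00', '\(\/\(', '(\/|;|=|,)nt\.', '@eval', 'eval\(', 'union(.*)select', '\(null\)', 'base64_', '(\/|%2f)localhost', '(\/|%2f)pingserver', 'wp-config\.php', '(\/|\.)(s?ftp-?)?conf(ig)?(uration)?\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https:', '\/http:', '\/ftp:', '\/file:', '\/php:', '\/cgi\/', '\.asp', '\.bak', '\.bash', '\.bat', '\.cfg', '\.cgi', '\.cmd', '\.conf', '\.db', '\.dll', '\.ds_store', '\.exe', '\/\.git', '\.hta', '\.htp', '\.inc', '\.init?', '\.jsp', '\.mysql', '\.pass', '\.pwd', '\.sql', '\/\.svn', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', '\/(db|mysql)-?admin', '\/document_root', '\/error_log', 'indoxploi', '\/sqlpatch', 'xrumer', 'www\.(.*)\.cn', '%3Cscript', '\/vbforum(\/)?', '\/vbulletin(\/)?', '\{\$itemURL\}', '(\/bin\/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(\/)?$', '((curl_|shell_)?exec|(f|p)open|function|fwrite|leak|p?fsockopen|passthru|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|system)(.*)(\()(.*)(\))', '(\/)(^$|0day|configbak|curltest|db|index\.php\/index|(my)?sql|(php|web)?shell|php-?info|temp00|vuln|webconfig)(\.php)'));
 
- $request_uri_string = false;
- $query_string_string = false;
- $user_agent_string = false;
+ $query_string_array = apply_filters('query_string_items', array('\(0x', '0x3c62723e', ';!--=', '\(\)\}', ':;\};', '\.\.\/', '\/\*\*\/', '127\.0\.0\.1', 'localhost', 'loopback', '%0a', '%0d', '%00', '%2e%2e', '%0d%0a', '@copy', 'concat(.*)(\(|%28)', 'allow_url_(fopen|include)', '(c99|php|web)shell', 'auto_prepend_file', 'disable_functions?', 'gethostbyname', 'input_file', 'execute', 'safe_mode', 'file_(get|put)_contents', 'mosconfig', 'open_basedir', 'outfile', 'proc_open', 'root_path', 'user_func_array', 'path=\.', 'mod=\.', '(globals|request)(=|\[)', 'f(fclose|fgets|fputs|fsbuff)', '\$_(env|files|get|post|request|server|session)', '(\+|%2b)(concat|delete|get|select|union)(\+|%2b)', '(cmd|command)(=|%3d)(chdir|mkdir)', '(absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?)', '(s)?(ftp|inurl|php)(s)?(:(\/|%2f|%u2215)(\/|%2f|%u2215))', '(\/|%2f)(=|%3d|\$&|_mm|cgi(\.|-)|inurl(:|%3a)(\/|%2f)|(mod|path)(=|%3d)(\.|%2e))', '(;|<|>|\'|"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(\/\*|alter|base64|benchmark|cast|char|concat|convert|create|declare|delete|drop|encode|exec|fopen|function|html|insert|md5|order|request|script|select|set|union|update)'));
+
+ $user_agent_array = apply_filters('user_agent_items', array('&lt;', '%0a', '%0d', '%27', '%3c', '%3e', '%00', '0x00', '\/bin\/bash', '360Spider', 'acapbot', 'acoonbot', 'ahrefs', 'alexibot', 'asterias', 'attackbot', 'backdorbot', 'base64_decode', 'becomebot', 'binlar', 'blackwidow', 'blekkobot', 'blexbot', 'blowfish', 'bullseye', 'bunnys', 'butterfly', 'careerbot', 'casper', 'checkpriv', 'cheesebot', 'cherrypick', 'chinaclaw', 'choppy', 'clshttp', 'cmsworld', 'copernic', 'copyrightcheck', 'cosmos', 'crescent', 'cy_cho', 'datacha', 'demon', 'diavol', 'discobot', 'disconnect', 'dittospyder', 'dotbot', 'dotnetdotcom', 'dumbot', 'emailcollector', 'emailsiphon', 'emailwolf', 'eval\(', 'exabot', 'extract', 'eyenetie', 'feedfinder', 'flaming', 'flashget', 'flicky', 'foobot', 'g00g1e', 'getright', 'gigabot', 'go-ahead-got', 'gozilla', 'grabnet', 'grafula', 'harvest', 'heritrix', 'httrack', 'icarus6j', 'jetbot', 'jetcar', 'jikespider', 'kmccrew', 'leechftp', 'libweb', 'linkextractor', 'linkscan', 'linkwalker', 'loader', 'lwp-download', 'masscan', 'miner', 'majestic', 'md5sum', 'mechanize', 'mj12bot', 'morfeus', 'moveoverbot', 'netmechanic', 'netspider', 'nicerspro', 'nikto', 'ninja', 'nutch', 'octopus', 'pagegrabber', 'planetwork', 'postrank', 'proximic', 'purebot', 'pycurl', 'python', 'queryn', 'queryseeker', 'radian6', 'radiation', 'realdownload', 'remoteview', 'rogerbot', 'scooter', 'seekerspider', 'semalt', '(c99|php|web)shell', 'shellshock', 'siclab', 'sindice', 'sistrix', 'sitebot', 'site(.*)copier', 'siteexplorer', 'sitesnagger', 'skygrid', 'smartdownload', 'snoopy', 'sosospider', 'spankbot', 'spbot', 'sqlmap', 'stackrambler', 'stripper', 'sucker', 'surftbot', 'sux0r', 'suzukacz', 'suzuran', 'takeout', 'teleport', 'telesoft', 'true_robots', 'turingos', 'turnit', 'unserialize', 'vampire', 'vikspider', 'voideye', 'webleacher', 'webreaper', 'webstripper', 'webvac', 'webviewer', 'webwhacker', 'winhttp', 'wwwoffle', 'woxbot', 'xaldon', 'xxxyy', 'yamanalab', 'yioopbot', 'youda', 'zeus', 'zmeu', 'zune', 'zyborg'));
+
+ $referrer_array = apply_filters('referrer_items', array('ambien', 'blue\s?pill', 'ejaculat', 'erectile', 'erections', 'hoodia', 'huronriver', 'impotence', 'levitra', 'libido', 'lipitor', 'phentermin', 'pro[sz]ac', 'sandyauer', 'semalt\.com', 'todaperfeita', 'tramadol', 'ultram', 'unicauca', 'valium', 'viagra', 'vicodin', 'xanax', 'ypxaieo'));
+
+ //
+
+ $request_uri_string = '';
+ $query_string_string = '';
+ $user_agent_string = '';
+ $referrer_string = '';
+
+ $matches = array();
 
  if (isset($_SERVER['REQUEST_URI']) && !empty($_SERVER['REQUEST_URI'])) $request_uri_string = $_SERVER['REQUEST_URI'];
  if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) $query_string_string = $_SERVER['QUERY_STRING'];
  if (isset($_SERVER['HTTP_USER_AGENT']) && !empty($_SERVER['HTTP_USER_AGENT'])) $user_agent_string = $_SERVER['HTTP_USER_AGENT'];
+ if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) $referrer_string = $_SERVER['HTTP_REFERER'];
 
- if ($request_uri_string || $query_string_string || $user_agent_string) {
+ if ($request_uri_string || $query_string_string || $user_agent_string || $referrer_string) {
 
  if (
 
- // strlen( $_SERVER['REQUEST_URI'] ) > 255 || // optional
+ strlen($request_uri_string) > 2000 ||
+ strlen($referrer_string) > 2000 ||
 
- preg_match('/'. implode('|', $request_uri_array) .'/i', $request_uri_string) ||
- preg_match('/'. implode('|', $query_string_array) .'/i', $query_string_string) ||
- preg_match('/'. implode('|', $user_agent_array) .'/i', $user_agent_string)
+ preg_match('/'. implode('|', $request_uri_array) .'/i', $request_uri_string, $matches) ||
+ preg_match('/'. implode('|', $query_string_array) .'/i', $query_string_string, $matches) ||
+ preg_match('/'. implode('|', $user_agent_array) .'/i', $user_agent_string, $matches) ||
+ preg_match('/'. implode('|', $referrer_array) .'/i', $referrer_string, $matches)
 
  ) {
 
+ // if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
+
  bbq_response();
 
  }
@@ -80,9 +93,13 @@ add_action('plugins_loaded', 'bbq_core');
 
  function bbq_response() {
 
- header('HTTP/1.1 403 Forbidden');
- header('Status: 403 Forbidden');
- header('Connection: Close');
+ $header_1 = apply_filters('bbq_header_1', 'HTTP/1.1 403 Forbidden');
+ $header_2 = apply_filters('bbq_header_2', 'Status: 403 Forbidden');
+ $header_3 = apply_filters('bbq_header_3', 'Connection: Close');
+
+ header($header_1);
+ header($header_2);
+ header($header_3);
 
  exit();
 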
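Review bot: In the new `$request_uri_array` in `bbq_core()`, the element `'\\'` is, as rendered on this page, a single-quoted PHP string holding one backslash, so after `implode('|', …)` it escapes the `|` that follows and the resulting alternative matches the literal text `|/=` rather than a backslash or `/=` on their own. If a backslash in the request URI is meant to be blocked, the element needs four backslashes in source, `'\\\\'`, which also keeps `'\/='` as its own alternative (the old list blocked it via `'\/\='`). Separately, `$matches` is now captured but only consumed by the commented-out `error_log` line, so a blocked request leaves no record of which rule fired; if that line is enabled, cap and sanitize the value first because `$matches[0]` is request-controlled, e.g. `error_log('BBQ: '. substr(preg_replace('/[^\x20-\x7e]/', '', $matches[0]), 0, 200));`. The body of `bbq_core()` continues past the end of the hunk.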
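--- a/languages/block-bad-queries.pot
+++ b/languages/block-bad-queries.pot
@@ -3,7 +3,7 @@ msgid ""
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
  "Report-Msgid-Bugs-To: \n"
- "POT-Creation-Date: 2019-05-01 21:17+0000\n"
+ "POT-Creation-Date: 2020-11-19 23:48+0000\n"
  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
  "Language-Team: \n"
@@ -14,120 +14,112 @@ msgstr ""
  "Content-Transfer-Encoding: 8bit\n"
  "X-Generator: Loco https://localise.biz/"
 
- #: bbq-settings.php:29
- msgid "Warning:"
- msgstr ""
-
- #: bbq-settings.php:30
- msgid "Free and Pro versions of BBQ cannot be activated at the same time. "
- msgstr ""
-
- #: bbq-settings.php:31
- msgid "Please return to the "
+ #: bbq-settings.php:33
+ msgid "and try again."
  msgstr ""
 
- #: bbq-settings.php:32
- msgid "WordPress Admin Area"
+ #. Name of the plugin
+ #: bbq-settings.php:73 bbq-settings.php:167 bbq-settings.php:178
+ msgid "BBQ Firewall"
  msgstr ""
 
- #: bbq-settings.php:33
- msgid "and try again."
+ #. Description of the plugin
+ msgid ""
+ "BBQ is a super fast firewall that automatically protects WordPress against a "
+ "wide range of threats."
  msgstr ""
 
- #: bbq-settings.php:52
- msgid "Plugin Information"
+ #: bbq-settings.php:82
+ msgid "BBQ Pro: Advanced WordPress Firewall"
  msgstr ""
 
  #: bbq-settings.php:55
  msgid "BBQ Version"
  msgstr ""
 
- #: bbq-settings.php:57
- msgid "Upgrade to BBQ Pro"
- msgstr ""
-
- #: bbq-settings.php:72
- msgid "Thanks for using the free version of "
+ #: bbq-settings.php:153
+ msgid "Click here to rate and review this plugin at WordPress.org"
  msgstr ""
 
- #. Name of the plugin
- #: bbq-settings.php:73
- msgid "Block Bad Queries (BBQ)"
+ #: bbq-settings.php:30
+ msgid "Free and Pro versions of BBQ cannot be activated at the same time. "
  msgstr ""
 
- #: bbq-settings.php:74
- msgid ""
- "The free version is completely plug-&amp;-play, protecting your site "
- "automatically with no settings required."
+ #: bbq-settings.php:87
+ msgid "Get BBQ Pro &raquo;"
  msgstr ""
 
- #: bbq-settings.php:81
- msgid ""
- "Upgrade your site security with advanced protection and complete control. "
+ #: bbq-settings.php:127
+ msgid "Get BBQ Pro for advanced protection"
  msgstr ""
 
- #: bbq-settings.php:82
- msgid "BBQ Pro: Advanced WordPress Firewall"
+ #: bbq-settings.php:128
+ msgid "Go&nbsp;Pro"
  msgstr ""
 
- #: bbq-settings.php:87
- msgid "Get BBQ Pro &raquo;"
+ #: bbq-settings.php:148
+ msgid "Homepage"
  msgstr ""
 
- #: bbq-settings.php:115
- msgid "Visit the BBQ plugin page"
+ #. URI of the plugin
+ msgid "https://perishablepress.com/block-bad-queries/"
  msgstr ""
 
- #: bbq-settings.php:116
- msgid "Settings"
+ #. Author URI of the plugin
+ msgid "https://plugin-planet.com/"
  msgstr ""
 
- #: bbq-settings.php:127
- msgid "Get BBQ Pro for advanced protection"
+ #. Author of the plugin
+ msgid "Jeff Starr"
  msgstr ""
 
- #: bbq-settings.php:128
- msgid "Go&nbsp;Pro"
+ #: bbq-settings.php:31
+ msgid "Please return to the "
  msgstr ""
 
  #: bbq-settings.php:147
  msgid "Plugin Homepage"
  msgstr ""
 
- #: bbq-settings.php:148
- msgid "Homepage"
- msgstr ""
-
- #: bbq-settings.php:153
- msgid "Click here to rate and review this plugin at WordPress.org"
+ #: bbq-settings.php:52
+ msgid "Plugin Information"
  msgstr ""
 
  #: bbq-settings.php:154
  msgid "Rate this plugin&nbsp;&raquo;"
  msgstr ""
 
- #: bbq-settings.php:167
- msgid "BBQ Firewall"
+ #: bbq-settings.php:116
+ msgid "Settings"
  msgstr ""
 
- #: bbq-settings.php:178
- msgid "Block Bad Queries"
+ #: bbq-settings.php:72
+ msgid "Thanks for using the free version of "
  msgstr ""
 
- #. Description of the plugin
+ #: bbq-settings.php:74
  msgid ""
- "BBQ is a super fast firewall that automatically protects WordPress against "
- "malicious URL requests."
+ "The free version is completely plug-&amp;-play, protecting your site "
+ "automatically with no settings required."
  msgstr ""
 
- #. URI of the plugin
- msgid "https://perishablepress.com/block-bad-queries/"
+ #: bbq-settings.php:57
+ msgid "Upgrade to BBQ Pro"
  msgstr ""
 
- #. Author of the plugin
- msgid "Jeff Starr"
+ #: bbq-settings.php:81
+ msgid ""
+ "Upgrade your site security with advanced protection and complete control. "
  msgstr ""
 
- #. Author URI of the plugin
- msgid "https://plugin-planet.com/"
+ #: bbq-settings.php:115
+ msgid "Visit the BBQ plugin page"
+ msgstr ""
+
+ #: bbq-settings.php:29
+ msgid "Warning:"
+ msgstr ""
+
+ #: bbq-settings.php:32
+ msgid "WordPress Admin Area"
  msgstr ""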
readme.txt CHANGED
@@ -1,18 +1,17 @@
1
- === BBQ: Block Bad Queries ===
2
 
3
- Plugin Name: Block Bad Queries (BBQ)
4
  Plugin URI: https://perishablepress.com/block-bad-queries/
5
- Description: BBQ is a super fast firewall that automatically protects WordPress against malicious URL requests.
6
- Tags: firewall, security, protect, malicious, hack, blacklist, lockdown, eval, http, query, request, secure, spam, whitelist
7
- Usage: No configuration necessary. Upload, activate and done. BBQ blocks bad queries automically to protect your site against malicious URL requests. For advanced protection check out BBQ Pro.
8
  Author: Jeff Starr
9
  Author URI: https://plugin-planet.com/
10
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
11
  Donate link: https://monzillamedia.com/donate.html
12
  Requires at least: 4.1
13
- Tested up to: 5.5
14
- Stable tag: 20200811
15
- Version: 20200811
16
  Requires PHP: 5.6.20
17
  Text Domain: block-bad-queries
18
  Domain Path: /languages
@@ -27,38 +26,58 @@ The fastest firewall plugin for WordPress.
27
  > Install, activate, and done!
28
  > Powerful protection from WP's __fastest__ firewall plugin.
29
 
30
- [Block Bad Queries](https://perishablepress.com/block-bad-queries/) (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong .htaccess firewall](https://perishablepress.com/6g/).
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
31
 
32
 
33
  **Awesome Features**
34
 
35
- * 100% Plug-n-play functionality
36
- * No configuration required (it just works)
37
- * Born of speed and simplicity, no frills
 
38
  * 100% focused on security and performance
39
- * Blocks a wide range of malicious requests
40
- * Blocks directory traversal attacks
41
- * Blocks executable file uploads
42
- * Blocks SQL injection attacks
43
- * Based on the [5G/6G Firewall](https://perishablepress.com/6g/)
44
  * Scans all incoming traffic and blocks bad requests
45
  * Scans all types of requests: GET, POST, PUT, DELETE, etc.
 
46
  * Works silently behind the scenes to protect your site
47
  * Hassle-free security plugin that's easy to use
48
  * Thoroughly tested, error-free performance
 
49
  * Compatible with other security plugins
50
  * Regularly updated and "future proof"
51
- * Customize blocked strings via [Whitelist/Blacklist plugins](https://perishablepress.com/bbq-whitelist-blacklist/)
 
52
 
53
 
54
  **Privacy**
55
 
56
  This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.
57
 
58
-
59
- **Pro Version**
60
-
61
- For advanced protection and awesome features, check out [BBQ Pro](https://plugin-planet.com/bbq-pro/).
62
 
63
 
64
 
@@ -68,19 +87,24 @@ For advanced protection and awesome features, check out [BBQ Pro](https://plugin
68
 
69
  1. Install, activate, done.
70
 
71
- Once active, BBQ automically blocks bad queries to protect your site against malicious URL requests. For more control and stronger protection, [check out BBQ Pro &raquo;](https://plugin-planet.com/bbq-pro/)
72
 
73
  [More info on installing WP plugins](https://wordpress.org/support/article/managing-plugins/#installing-plugins)
74
 
75
 
76
  **Customizing**
77
 
78
- * To allow patterns otherwise blocked by BBQ, check out the [BBQ Whitelist plugin](https://perishablepress.com/bbq-whitelist-blacklist/)
79
- * To block patterns otherwise allowed by BBQ, check out the [BBQ Blacklist plugin](https://perishablepress.com/bbq-whitelist-blacklist/)
80
 
81
  Note that the [Pro version of BBQ](https://plugin-planet.com/bbq-pro/) makes it possible to customize patterns (add, edit, remove) directly via the plugin settings, with a click.
82
 
83
 
 
 
 
 
 
84
  **Like the plugin?**
85
 
86
  If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
@@ -91,11 +115,13 @@ If you like BBQ, please take a moment to [give a 5-star rating](https://wordpres
91
 
92
  To upgrade BBQ, remove old version and replace with new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs done.
93
 
 
 
94
 
95
 
96
  == Screenshots ==
97
 
98
- Sorry, there are no screenshots for BBQ! Everything is done behind the scenes.
99
 
100
  The free version of BBQ is strictly plug-n-play, set-it-and-forget-it, with no settings to configure whatsoever. Just install, activate, and enjoy better security and robust protection against malicious requests.
101
 
@@ -105,6 +131,16 @@ The Pro version of BBQ is just as fast and simple to use, but is much more power
105
 
106
  == Frequently Asked Questions ==
107
 
 
 
 
 
 
 
 
 
 
 
108
  **What other security plugins do you recommend?**
109
 
110
  I recently recorded a video tutorial series for Lynda.com on [how to secure WordPress sites](https://m0n.co/securewp). That's a good place to learn more about the best techniques and WP plugins for protecting your site against threats.
@@ -170,7 +206,36 @@ Yes, check out [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-
170
 
171
  **My PHP checker found something?**
172
 
173
- If you are using some PHP checker that's reporting an error or bad string in BBQ, it's a false positive and safe to ignore. Why? Because the PHP checker is finding the static strings/patterns that BBQ uses to identify and block bad requests. In other words, your PHP checker is finding a static string thinking it is live code. It's not. If possible, please take a moment to report this to the developers of your PHP checker. They should be happy to improve the accuracy and quality of their plugin.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
174
 
175
 
176
  **Got a question?**
@@ -193,7 +258,7 @@ And/or purchase one of my premium WordPress plugins:
193
  * [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Super fast WordPress firewall
194
  * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Automatically block bad bots
195
  * [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) - Monitor traffic and ban the bad guys
196
- * [GA Google Analytics Pro](https://plugin-planet.com/ga-google-analytics-pro/) - Connect your WordPress to Google Analytics
197
  * [USP Pro](https://plugin-planet.com/usp-pro/) - Unlimited front-end forms
198
 
199
  Links, tweets and likes also appreciated. Thank you! :)
@@ -205,6 +270,22 @@ Links, tweets and likes also appreciated. Thank you! :)
205
  If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
206
 
207
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
208
  **2020/08/11**
209
 
210
  * Replaces `guangxiymcd` with wildcard match `www.(.*).cn`
1
+ === BBQ Firewall ===
2
 
3
+ Plugin Name: BBQ Firewall
4
  Plugin URI: https://perishablepress.com/block-bad-queries/
5
+ Description: BBQ is a super fast firewall that automatically protects WordPress against a wide range of threats.
6
+ Tags: firewall, secure, security, malware, web application firewall, waf
 
7
  Author: Jeff Starr
8
  Author URI: https://plugin-planet.com/
9
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
10
  Donate link: https://monzillamedia.com/donate.html
11
  Requires at least: 4.1
12
+ Tested up to: 5.6
13
+ Stable tag: 20201116
14
+ Version: 20201116
15
  Requires PHP: 5.6.20
16
  Text Domain: block-bad-queries
17
  Domain Path: /languages
26
  > Install, activate, and done!
27
  > Powerful protection from WP's __fastest__ firewall plugin.
28
 
29
+ [BBQ Firewall](https://perishablepress.com/block-bad-queries/) is a lightweight, super-fast plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong Apache/.htaccess firewall](https://perishablepress.com/7g-firewall/).
30
+
31
+ > Adds a strong firewall to ANY WordPress site
32
+ > Works with all WordPress plugins and themes
33
+
34
+
35
+ **Powerful Protection**
36
+
37
+ BBQ protects your site against many threats:
38
+
39
+ * SQL injection attacks
40
+ * Executable file uploads
41
+ * Directory traversal attacks
42
+ * Unsafe character requests
43
+ * Excessively long requests
44
+ * PHP remote/file execution
45
+ * XSS, XXE, and related attacks
46
+ * Protects against bad bots
47
+ * Protects against bad referrers
48
+ * Plus many other bad requests
49
+
50
+ > Works great with [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-bad-bots/)
51
 
52
 
53
  **Awesome Features**
54
 
55
+ BBQ provides all the best firewall features:
56
+
57
+ * Rated [5 stars](https://wordpress.org/plugins/block-bad-queries/#reviews) at WordPress.org
58
+ * 100% plug-&amp;-play, zero configuration
59
  * 100% focused on security and performance
60
+ * Blocks a wide range of malicious URL requests
61
+ * Fastest Web Application Firewall (WAF) for WordPress
62
+ * Based on the [6G](https://perishablepress.com/6g/)/[7G Firewall](https://perishablepress.com/7g-firewall/)
 
 
63
  * Scans all incoming traffic and blocks bad requests
64
  * Scans all types of requests: GET, POST, PUT, DELETE, etc.
65
+ * Protects against known bad bots and referrers
66
  * Works silently behind the scenes to protect your site
67
  * Hassle-free security plugin that's easy to use
68
  * Thoroughly tested, error-free performance
69
+ * Extremely low rate of false positives
70
  * Compatible with other security plugins
71
  * Regularly updated and "future proof"
72
+
73
+ > For advanced protection and features, check out [BBQ Pro &raquo;](https://plugin-planet.com/bbq-pro/)
74
 
75
 
76
  **Privacy**
77
 
78
  This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.
79
 
80
+ > BBQ = Block Bad Queries
 
 
 
81
 
82
 
83
 
87
 
88
  1. Install, activate, done.
89
 
90
+ Once active, BBQ automatically protects your site against threats. Quietly, behind the scenes. For more control and stronger protection, [check out BBQ Pro &raquo;](https://plugin-planet.com/bbq-pro/)
91
 
92
  [More info on installing WP plugins](https://wordpress.org/support/article/managing-plugins/#installing-plugins)
93
 
94
 
95
  **Customizing**
96
 
97
+ * To allow patterns otherwise blocked by BBQ, check out the [BBQ Whitelist plugin](https://perishablepress.com/bbq-whitelist-blacklist/#bbq-whitelist)
98
+ * To block patterns otherwise allowed by BBQ, check out the [BBQ Blacklist plugin](https://perishablepress.com/bbq-whitelist-blacklist/#bbq-blacklist)
99
 
100
  Note that the [Pro version of BBQ](https://plugin-planet.com/bbq-pro/) makes it possible to customize patterns (add, edit, remove) directly via the plugin settings, with a click.
101
 
102
 
103
+ **Uninstalling**
104
+
105
+ This plugin cleans up after itself. All plugin settings will be removed from your database when the plugin is uninstalled via the Plugins screen.
106
+
107
+
108
  **Like the plugin?**
109
 
110
  If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
115
 
116
  To upgrade BBQ, remove old version and replace with new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs done.
117
 
118
+ Note: uninstalling/deleting the plugin via the WP Plugins screen results in the removal of all settings and email data from the WP database.
119
+
120
 
121
 
122
  == Screenshots ==
123
 
124
+ There are no screenshots for BBQ! Everything is done behind the scenes.
125
 
126
  The free version of BBQ is strictly plug-n-play, set-it-and-forget-it, with no settings to configure whatsoever. Just install, activate, and enjoy better security and robust protection against malicious requests.
127
 
131
 
132
  == Frequently Asked Questions ==
133
 
134
+
135
+ **How to test that the plugin is working?**
136
+
137
+ To test that the plugin is working, you can request any of the blocked patterns. For example, visit your site's homepage and enter the following URL:
138
+
139
+ https://example.com/eval(
140
+
141
+ Replace `example.com` with your site's actual domain. If BBQ is active, the request for that URL will be blocked (with a "403 Forbidden" status). This means the plugin is working properly. You can test other patterns as well. To view all the patterns blocked by BBQ, look at the function `bbq_core()` located in `block-bad-queries.php`.
142
+
143
+
144
  **What other security plugins do you recommend?**
145
 
146
  I recently recorded a video tutorial series for Lynda.com on [how to secure WordPress sites](https://m0n.co/securewp). That's a good place to learn more about the best techniques and WP plugins for protecting your site against threats.
206
 
207
  **My PHP checker found something?**
208
 
209
+ If you are using some PHP checker that's reporting an error or bad string in BBQ, it's a false positive and safe to ignore. Why? Because the PHP checker is finding the static strings/patterns that BBQ uses to identify and block bad requests. In other words, your PHP checker is finding a static string thinking it is live code. It's not. If possible, please take a moment to report this to the developers of your PHP checker. They should be happy to improve the accuracy and quality of their plugin. [More info](https://wordpress.org/support/topic/on-php-checker-results/).
210
+
211
+
212
+ **How to enable logging?**
213
+
214
+ BBQ can be configured to log the matching pattern for any blocked request. By default, BBQ will add a log entry in the site's default error log. To enable logging, open the file, `block-bad-queries.php`, and locate the following line:
215
+
216
+ // if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
217
+
218
+ Change that line to this:
219
+
220
+ if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
221
+
222
+ By removing the `//`, the line will be active and logging enabled. Try a test, visit your homepage and request the following URL:
223
+
224
+ https://example.com/eval(
225
+
226
+ Replace `example.com` with your site's actual domain. The request should be blocked by BBQ. So now you can visit your site's error log. The blocked pattern, in this case `eval(`, will be recorded in the error log like so:
227
+
228
+ BBQ: eval(
229
+
230
+ When you have finished testing/logging, make sure to disable logging by replacing this line:
231
+
232
+ if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
233
+
234
+ With this:
235
+
236
+ // if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
237
+
238
+ That is the default, which is logging = disabled.
239
 
240
 
241
  **Got a question?**
258
  * [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Super fast WordPress firewall
259
  * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Automatically block bad bots
260
  * [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) - Monitor traffic and ban the bad guys
261
+ * [GA Google Analytics Pro](https://plugin-planet.com/ga-google-analytics-pro/) - Connect WordPress to Google Analytics
262
  * [USP Pro](https://plugin-planet.com/usp-pro/) - Unlimited front-end forms
263
 
264
  Links, tweets and likes also appreciated. Thank you! :)
270
  If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
271
 
272
 
273
+ **2020/11/16**
274
+
275
+ * Improves XSS protection
276
+ * Improves logic of `bbq_core()`
277
+ * Integrates 7G patterns to firewall rules
278
+ * Removes some redundant firewall patterns
279
+ * Adds protection against excessive characters
280
+ * Adds logging functionality (disabled by default)
281
+ * Adds filter hooks to customize blocked response
282
+ * Replaces `guangxiymcd` with `www\.(.*)\.cn`
283
+ * Changes plugin name to "BBQ Firewall"
284
+ * Updates default translation template
285
+ * Updates/refines readme.txt
286
+ * Tests on PHP 7.4 and 8.0
287
+ * Tests on WordPress 5.6
288
+
289
  **2020/08/11**
290
 
291
  * Replaces `guangxiymcd` with wildcard match `www.(.*).cn`
uninstall.php CHANGED
@@ -1,4 +1,4 @@
1
- <?php // Block Bad Queries - Uninstall Remove Options
2
 
3
  if (!defined('ABSPATH') && !defined('WP_UNINSTALL_PLUGIN')) exit();
4
 
1
+ <?php // BBQ - Uninstall Remove Options
2
 
3
  if (!defined('ABSPATH') && !defined('WP_UNINSTALL_PLUGIN')) exit();
4
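Review bot: The guard on line 3 of uninstall.php, which this commit leaves unchanged, joins its two checks with `&&`, so it exits only when both constants are undefined. Any load of the file inside WordPress, where `ABSPATH` is defined, passes the guard even when no uninstall is in progress. Checking the uninstall constant on its own is the stricter form, `if (!defined('WP_UNINSTALL_PLUGIN')) exit();`, because WordPress defines it only while running a plugin's uninstall routine. The rest of the file is outside the hunk, so what runs after the guard is not visible here; the readme in this release says uninstalling removes the plugin settings from the database.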