BBQ: Block Bad Queries - Version 20220118

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.

Note: uninstalling/deleting the plugin via the WP Plugins screen results in the removal of all settings and email data from the WP database.


Release Info

Developer specialk
Version 20220118

Code changes from version 20210719 to 20220118

Files changed (3) hide show
  1. bbq-settings.php +2 -2
  2. block-bad-queries.php +77 -23
  3. readme.txt +24 -7
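--- a/bbq-settings.php
+++ b/bbq-settings.php
@@ -4,10 +4,10 @@ if (!defined('ABSPATH')) exit;
 
 function bbq_languages() {
 
-load_plugin_textdomain('block-bad-queries', false, BBQ_DIR .'languages/');
+load_plugin_textdomain('block-bad-queries', false, dirname(plugin_basename(__FILE__)) .'/languages/');
 
 }
-add_action('plugins_loaded', 'bbq_languages');
+add_action('init', 'bbq_languages');
 
 function bbq_options() {
 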
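--- a/block-bad-queries.php
+++ b/block-bad-queries.php
@@ -8,10 +8,10 @@
 Author URI: https://plugin-planet.com/
 Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
 Donate link: https://monzillamedia.com/donate.html
-Requires at least: 4.1
-Tested up to: 5.8
-Stable tag: 20210719
-Version: 20210719
+Requires at least: 4.6
+Tested up to: 5.9
+Stable tag: 20220118
+Version: 20220118
 Requires PHP: 5.6.20
 Text Domain: block-bad-queries
 Domain Path: /languages
@@ -32,19 +32,19 @@
 You should have received a copy of the GNU General Public License
 with this program. If not, visit: https://www.gnu.org/licenses/
 
-Copyright 2021 Monzilla Media. All rights reserved.
+Copyright 2022 Monzilla Media. All rights reserved.
 */
 
 if (!defined('ABSPATH')) die();
 
-if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20210719');
+if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20220118');
 if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
 if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
 if (!defined('BBQ_URL')) define('BBQ_URL', plugins_url('/block-bad-queries/'));
 
 function bbq_core() {
 
-$request_uri_array = apply_filters('request_uri_items', array('\s', '<', '>', '\^', '`', '@@', '\?\?', '\/&&', '\\', '\/=', '\/:\/', '\/\/\/', '\.\.\.', '\/\*(.*)\*\/', '\+\+\+', '\{0\}', '0x00', '%00', '\(\/\(', '(\/|;|=|,)nt\.', '@eval', 'eval\(', 'union(.*)select', '\(null\)', 'base64_', '(\/|%2f)localhost', '(\/|%2f)pingserver', 'wp-config\.php', '(\/|\.)(s?ftp-?)?conf(ig)?(uration)?\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https:', '\/http:', '\/ftp:', '\/file:', '\/php:', '\/cgi\/', '\.asp', '\.bak', '\.bash', '\.bat', '\.cfg', '\.cgi', '\.cmd', '\.conf', '\.db', '\.dll', '\.ds_store', '\.exe', '\/\.git', '\.hta', '\.htp', '\.inc', '\.init?', '\.jsp', '\.mysql', '\.pass', '\.pwd', '\.sql', '\/\.svn', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', '\/(db|mysql)-?admin', '\/document_root', '\/error_log', 'indoxploi', '\/sqlpatch', 'xrumer', 'www\.(.*)\.cn', '%3Cscript', '\/vbforum(\/)?', '\/vbulletin(\/)?', '\{\$itemURL\}', '(\/bin\/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(\/)?$', '((curl_|shell_)?exec|(f|p)open|function|fwrite|leak|p?fsockopen|passthru|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|system)(.*)(\()(.*)(\))', '(\/)(^$|0day|configbak|curltest|db|index\.php\/index|(my)?sql|(php|web)?shell|php-?info|temp00|vuln|webconfig)(\.php)'));
+$request_uri_array = apply_filters('request_uri_items', array('\/\.env', '\s', '<', '>', '\^', '`', '@@', '\?\?', '\/&&', '\\', '\/=', '\/:\/', '\/\/\/', '\.\.\.', '\/\*(.*)\*\/', '\+\+\+', '\{0\}', '0x00', '%00', '\(\/\(', '(\/|;|=|,)nt\.', '@eval', 'eval\(', 'union(.*)select', '\(null\)', 'base64_', '(\/|%2f)localhost', '(\/|%2f)pingserver', 'wp-config\.php', '(\/|\.)(s?ftp-?)?conf(ig)?(uration)?\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https:', '\/http:', '\/ftp:', '\/file:', '\/php:', '\/cgi\/', '\.asp', '\.bak', '\.bash', '\.bat', '\.cfg', '\.cgi', '\.cmd', '\.conf', '\.db', '\.dll', '\.ds_store', '\.exe', '\/\.git', '\.hta', '\.htp', '\.inc', '\.init?', '\.jsp', '\.mysql', '\.pass', '\.pwd', '\.sql', '\/\.svn', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', '\/(db|mysql)-?admin', '\/document_root', '\/error_log', 'indoxploi', '\/sqlpatch', 'xrumer', 'www\.(.*)\.cn', '%3Cscript', '\/vbforum(\/)?', '\/vbulletin(\/)?', '\{\$itemURL\}', '(\/bin\/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(\/)?$', '((curl_|shell_)?exec|(f|p)open|function|fwrite|leak|p?fsockopen|passthru|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|system)(.*)(\()(.*)(\))', '(\/)(^$|0day|c99|configbak|curltest|db|index\.php\/index|(my)?sql|(php|web)?shell|php-?info|temp00|vuln|webconfig)(\.php)'));
 
 $query_string_array = apply_filters('query_string_items', array('\(0x', '0x3c62723e', ';!--=', '\(\)\}', ':;\};', '\.\.\/', '\/\*\*\/', '127\.0\.0\.1', 'localhost', 'loopback', '%0a', '%0d', '%00', '%2e%2e', '%0d%0a', '@copy', 'concat(.*)(\(|%28)', 'allow_url_(fopen|include)', '(c99|php|web)shell', 'auto_prepend_file', 'disable_functions?', 'gethostbyname', 'input_file', 'execute', 'safe_mode', 'file_(get|put)_contents', 'mosconfig', 'open_basedir', 'outfile', 'proc_open', 'root_path', 'user_func_array', 'path=\.', 'mod=\.', '(globals|request)(=|\[)', 'f(fclose|fgets|fputs|fsbuff)', '\$_(env|files|get|post|request|server|session)', '(\+|%2b)(concat|delete|get|select|union)(\+|%2b)', '(cmd|command)(=|%3d)(chdir|mkdir)', '(absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?)', '(s)?(ftp|inurl|php)(s)?(:(\/|%2f|%u2215)(\/|%2f|%u2215))', '(\/|%2f)(=|%3d|\$&|_mm|cgi(\.|-)|inurl(:|%3a)(\/|%2f)|(mod|path)(=|%3d)(\.|%2e))', '(<|>|\'|")(.*)(\/\*|alter|base64|benchmark|cast|char|concat|convert|create|declare|delete|drop|encode|exec|fopen|function|html|insert|md5|request|script|select|set|union|update)'));
 
@@ -52,6 +52,8 @@ function bbq_core() {
 
 $referrer_array = apply_filters('referrer_items', array('blue\s?pill', 'ejaculat', 'erectile', 'erections', 'hoodia', 'huronriver', 'impotence', 'levitra', 'libido', 'lipitor', 'phentermin', 'pro[sz]ac', 'sandyauer', 'semalt\.com', 'todaperfeita', 'tramadol', 'ultram', 'unicauca', 'valium', 'viagra', 'vicodin', 'xanax', 'ypxaieo'));
 
+$post_array = apply_filters('post_items', array('<%=', '\+\/"\/\+\/', '(<|%3C|&lt;?|u003c|x3c)script', 'src=#\s', '(href|src)="javascript:', '(href|src)=javascript:', '(href|src)=`javascript:'));
+
 //
 
 $request_uri_string = '';
@@ -61,32 +63,62 @@ function bbq_core() {
 
 $long_requests = apply_filters('bbq_long_requests', true);
 $match_logging = apply_filters('bbq_match_logging', false);
-
-$matches = array();
+$post_scanning = apply_filters('bbq_post_scanning', true);
 
 if (isset($_SERVER['REQUEST_URI']) && !empty($_SERVER['REQUEST_URI'])) $request_uri_string = $_SERVER['REQUEST_URI'];
 if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) $query_string_string = $_SERVER['QUERY_STRING'];
 if (isset($_SERVER['HTTP_USER_AGENT']) && !empty($_SERVER['HTTP_USER_AGENT'])) $user_agent_string = $_SERVER['HTTP_USER_AGENT'];
 if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) $referrer_string = $_SERVER['HTTP_REFERER'];
 
-if ($request_uri_string || $query_string_string || $user_agent_string || $referrer_string) {
+$matches = array();
+
+//
+
+if ($long_requests && (strlen($request_uri_string) > 2000 || strlen($referrer_string) > 2000)) {
 
-$check_length = (strlen($request_uri_string) > 2000 || strlen($referrer_string) > 2000) ? true : false;
+bbq_response($match_logging, $matches);
 
-if (
-
-($long_requests && $check_length) ||
-
-preg_match('/'. implode('|', $request_uri_array) .'/i', $request_uri_string, $matches) ||
-preg_match('/'. implode('|', $query_string_array) .'/i', $query_string_string, $matches) ||
-preg_match('/'. implode('|', $user_agent_array) .'/i', $user_agent_string, $matches) ||
-preg_match('/'. implode('|', $referrer_array) .'/i', $referrer_string, $matches)
+}
+
+if ($request_uri_string && preg_match('/'. implode('|', $request_uri_array) .'/i', $request_uri_string, $matches)) {
+
+bbq_response($match_logging, $matches);
+
+}
+
+if ($query_string_string && preg_match('/'. implode('|', $query_string_array) .'/i', $query_string_string, $matches)) {
+
+bbq_response($match_logging, $matches);
+
+}
+
+if ($user_agent_string && preg_match('/'. implode('|', $user_agent_array) .'/i', $user_agent_string, $matches)) {
+
+bbq_response($match_logging, $matches);
+
+}
+
+if ($referrer_string && preg_match('/'. implode('|', $referrer_array) .'/i', $referrer_string, $matches)) {
+
+bbq_response($match_logging, $matches);
+
+}
+
+if ($post_scanning && isset($_POST)) {
+
+foreach ($_POST as $key => $value) {
 
-) {
+$value = bbq_get_string($value);
 
-if ($match_logging && isset($matches[0])) error_log('BBQ: '. $matches[0]);
+if (empty($value)) continue;
 
-bbq_response();
+if (preg_match('/'. implode('|', $post_array) .'/i', $value, $matches)) {
+
+bbq_response($match_logging, $matches);
+
+break;
+
+}
 
 }
 
@@ -95,7 +127,9 @@ function bbq_core() {
 }
 add_action('plugins_loaded', 'bbq_core');
 
-function bbq_response() {
+function bbq_response($match_logging, $matches) {
+
+if ($match_logging && isset($matches[0])) error_log('BBQ: '. $matches[0]);
 
 $header_1 = apply_filters('bbq_header_1', 'HTTP/1.1 403 Forbidden');
 $header_2 = apply_filters('bbq_header_2', 'Status: 403 Forbidden');
@@ -109,4 +143,24 @@ function bbq_response() {
 
 }
 
+function bbq_get_string($var) {
+
+if (!is_array($var)) return $var;
+
+foreach ($var as $key => $value) {
+
+if (is_array($value)) {
+
+bbq_get_string($value);
+
+} else {
+
+return $value;
+
+}
+
+}
+
+}
+
 if (is_admin()) require_once BBQ_DIR .'bbq-settings.php';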
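Review bot: `bbq_get_string()` returns the first scalar it meets in an array-valued POST field, so the `post_items` patterns in `bbq_core()` are never applied to the remaining elements; the recursive call `bbq_get_string($value);` also discards its result, so nested arrays are skipped and a field made only of arrays yields `null` and takes the `empty($value)` `continue`. The helper should gather every leaf value and hand them to the existing `preg_match` as one string, as in the rewrite below, which joins leaves with a newline so that `.` in a pattern does not span two elements (a pattern ending in `\s` can then match at an element boundary, so scanning each leaf separately is the stricter alternative). Separately, `bbq_response()` now takes two required parameters; if any add-on still calls it without arguments, defaults such as `$match_logging = false, $matches = array()` would keep that call form working.

```php
function bbq_get_string($var) {
	
	if (!is_array($var)) return $var;
	
	$leaves = array();
	
	// visit every non-array leaf, at any depth, instead of stopping at the first one
	array_walk_recursive($var, function($value) use (&$leaves) {
		
		if (is_scalar($value)) $leaves[] = (string) $value;
		
	});
	
	// newline separator: without the /s flag, "." in a pattern cannot span two elements
	return implode("\n", $leaves);
	
}
```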
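--- a/readme.txt
+++ b/readme.txt
@@ -8,10 +8,10 @@ Author: Jeff Starr
 Author URI: https://plugin-planet.com/
 Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
 Donate link: https://monzillamedia.com/donate.html
-Requires at least: 4.1
-Tested up to: 5.8
-Stable tag: 20210719
-Version: 20210719
+Requires at least: 4.6
+Tested up to: 5.9
+Stable tag: 20220118
+Version: 20220118
 Requires PHP: 5.6.20
 Text Domain: block-bad-queries
 Domain Path: /languages
@@ -45,7 +45,8 @@ BBQ protects your site against many threats:
 * XSS, XXE, and related attacks
 * Protects against bad bots
 * Protects against bad referrers
-* Plus many other bad requests
+* Protects against bad POST content
+* Protects against many other bad requests
 
 > Works great with [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-bad-bots/)
 
@@ -69,6 +70,7 @@ BBQ provides all the best firewall features:
 * Extremely low rate of false positives
 * Compatible with other security plugins
 * Regularly updated and "future proof"
+* Firewall &lt; 10 kilobytes in size
 * Lightweight, fast and flexible
 
 > For advanced protection and features, check out [BBQ Pro &raquo;](https://plugin-planet.com/bbq-pro/)
@@ -186,7 +188,7 @@ Yes, BBQ scans any arrays that are included in the URI request. If any matching
 
 **My PHP scanner/checker plugin says there is an error?**
 
-For example, if your PHP/plugin scanner reports something like, "found `0x3c62723e` which is bad." Normally you would not want to find such bad strings of code, but there is an exception for security plugins. Think about it: in order to block some nasty string, BBQ must _know_ about it. So each bad string that is blocked by BBQ is included in the plugin "blacklist". That means, when some PHP scanner looks at BBQ and finds some known bad strings, it just means that the scanner has discovered BBQ's list of blocked terms. In other words, BBQ contains static strings of non-functional text, in order to match and block malicious requests to your site. I hope this makes sense, feel free to [contact me](https://perishablepress.com/contact/) if I may provide any further infos.
+For example, if your PHP/plugin scanner reports something like, "found `0x3c62723e` which is bad." Normally you would not want to find such bad strings of code, but there is an exception for security plugins. Think about it: in order to block some nasty string, BBQ must _know_ about it. So each bad string that is blocked by BBQ is included in the plugin "blacklist". That means, when some PHP scanner looks at BBQ and finds some known bad strings, it just means that the scanner has discovered BBQ's list of blocked terms. In other words, BBQ contains static strings of non-functional text, in order to match and block malicious requests to your site. I hope this makes sense, feel free to [contact me](https://plugin-planet.com/support/#contact) if I may provide any further infos.
 
 
 **Do I need WordPress to run BBQ?**
@@ -219,7 +221,7 @@ BBQ can be configured to log the matching pattern for any blocked request. By de
 
 **Got a question?**
 
-Send any questions or feedback via my [contact form](https://perishablepress.com/contact/).
+Send any questions or feedback via my [contact form](https://plugin-planet.com/support/#contact).
 
 
 
@@ -231,6 +233,7 @@ I develop and maintain this free plugin with love for the WordPress community. T
 * [Digging into WordPress](https://digwp.com/)
 * [.htaccess made easy](https://htaccessbook.com/)
 * [WordPress Themes In Depth](https://wp-tao.com/wordpress-themes-book/)
+* [Wizard's SQL Recipes for WordPress](https://books.perishablepress.com/downloads/wizards-collection-sql-recipes-wordpress/)
 
 And/or purchase one of my premium WordPress plugins:
 
@@ -249,6 +252,20 @@ Links, tweets and likes also appreciated. Thank you! :)
 If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
 
 
+**2022/01/18**
+
+* Refactors for improved performance
+* Improves checking of POST requests
+* Adds filter hook `post_items`
+* Adds filter hook `bbq_post_scanning`
+* Adds `/.env` to Request URI patterns
+* Adds `c99.php` to Request URI patterns
+* Updates [blacklist](https://perishablepress.com/bbq-whitelist-blacklist/) and [customize](https://perishablepress.com/customize-bbq-firewall/) addons
+* Improves loading of translations
+* Updates some links to external resources
+* Changes minimum required WP version to 4.6
+* Tests on WordPress 5.9
+
 **2021/07/19**
 
 * Removes `ambien` from referrer patterns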