BBQ Firewall – Fast & Powerful Firewall Security Plugin

To test that the plugin is working, you can request any of the blocked patterns. For example, visit your site’s homepage and enter the following URL:

https://example.com/eval( 

Replace example.com with your site’s actual domain. If BBQ is active, the request for that URL will be blocked (with a “403 Forbidden” status). This means the plugin is working properly. You can test other patterns as well. To view all the patterns blocked by BBQ, look at the function bbq_core() located in block-bad-queries.php.

Yes, three of them:

• BBQ Firewall for super-fast firewall security
• Blackhole for Bad Bots to protect your site against bad bots
• Banhammer to monitor and ban any user or IP address

Pro versions with more features available at Plugin Planet.

Nope, just install and relax knowing that BBQ is protecting your site from bad URL requests.

No settings needed for BBQ! Everything is done automatically behind the scenes. Zero configuration required. The free version of BBQ is strictly plug-n-play, set-it-and-forget-it, with no settings to configure whatsoever. Just install, activate, and enjoy better security and robust protection against malicious requests. The Pro version of BBQ is just as fast and simple to use, but is much more powerful and includes robust settings to customize and fine-tune your firewall.

Does it makes sense to use both? Yes BBQ free and BBQ Pro are both compatible with any plugin written according to the WP API. And yes, there is benefit to using BBQ with any other security plugin, including Wordfence. They protect against different threats, so using both means you are extra secure.

Absolutely not. Unlike other security/firewall plugins, neither BBQ (free version) nor BBQ Pro make any changes to any .htaccess file.

No, the free version of BBQ operates as each page is loaded; it does not make any changes whatsoever to the WP database.

Yes, BBQ scans any arrays that are included in the URI request. If any matching patterns are found, the request is blocked.

For example, if your PHP/plugin scanner reports something like, “found 0x3c62723e which is bad.” Normally you would not want to find such bad strings of code, but there is an exception for security plugins. Think about it: in order to block some nasty string, BBQ must know about it. So each bad string that is blocked by BBQ is included in the plugin “blacklist”. That means, when some PHP scanner looks at BBQ and finds some known bad strings, it just means that the scanner has discovered BBQ’s list of blocked terms. In other words, BBQ contains static strings of non-functional text, in order to match and block malicious requests to your site. I hope this makes sense, feel free to contact me if I may provide any further infos.

Nope! BBQ is available in the following flavors:

• BBQ Free – WordPress Plugin
• BBQ Pro – WordPress Plugin
• BBQ Standalone PHP Script

So you can check out the Standalone PHP Script for sites that are not running WordPress.

Full question: “Except most of the rules overlapping, is it counter productive (site slowing down for example, potential conflicts, bugs) or is there any risks using 7G/8G Firewall + BBQ at the same time?”

Answer: It’s fine to run both BBQ and 7G/8G Firewall at the same time. Both firewalls are super fast, so they won’t slow things down. In other words the two firewalls play well together. The only downside is that some of the rules will be redundant, but there should be no negative impact on performance. The upside is that you get extra protection when using both, as there are variations in the firewall rules and patterns, etc.

If you are using some PHP checker that’s reporting an error or bad string in BBQ, it’s a false positive and safe to ignore. Why? Because the PHP checker is finding the static strings/patterns that BBQ uses to identify and block bad requests. In other words, your PHP checker is finding a static string thinking it is live code. It’s not. If possible, please take a moment to report this to the developers of your PHP checker. They should be happy to improve the accuracy and quality of their plugin. More info.

You can use a free addon to display the total number of blocked requests on the BBQ settings page. Here is a guide that explains how to set it up.

Alternately, BBQ can be configured to log the matching pattern for each blocked request. When match-logging is enabled, BBQ will add a log entry in the site’s default error log. To enable match logging, use the free customize plugin.

Note that the Pro version of BBQ displays the current block count for each firewall rule, like this. All automatic, fiddling with code NOT required 🙂

Send any questions or feedback via my contact form.