How to Setup BBQ: Block Bad Queries on WordPress

BBQ: Block Bad Queries is a small WordPress security plugin that does one thing: block malicious requests. The plug-and-play plugin fights SQL injections, file execution attempts, and more.

For example, BBQ scans URL requests for queries searching for executable .exe files, archived .tar compression packages, hidden files with sensitive information, and bash commands such as makefile.

BBQ does this without modifying your .htaccess file, database tables, or production workflow in any way. It simply scans URL requests and blocks them when matching patterns are found.

Note: BBQ is designed and expected to work alongside other major WordPress security plugins. We recommend WP Cerber Security or Wordfence Security.

Below we’ll enable BBQ: Block Bad Queries.

Set Up BBQ: Block Bad Queries

This is a plug-and-play plugin. You can easily install the plugin manually or via WP-CLI (plugin name block-bad-queries). Below we’ll use the WordPress dashboard.

  1. Log in to WordPress.
  2. Install the BBQ: Block Bad Queries plugin.
  3. Activate the plugin.
  4. That’s it! Click Settings under Block Bad Queries (BBQ) for a link to its respective page, BBQ Version, and link to the Pro version. You can also view this page under the Settings section on the left.

The Pro version includes more features such as redirect URLs, URL request statistics, and more.

If your security scanner – e.g. ClamAV or Sucuri – reports malware while BBQ is installed, it may have simply found BBQ’s blacklist. Please contact our 24/7 Technical Support for further assistance.

Are you learning more about WordPress security? Read more about WordPress and general web security with the following articles:


It looks like this article doesn't have any comments yet - you can be the first. If you have any comments or questions, start the conversation!

Was this article helpful? Let us know!