BBQ: Block Bad Queries is a small WordPress security plugin that does one thing: block malicious requests. The plug-and-play plugin fights SQL injections, file execution attempts, and more.
For example, BBQ scans URL requests for queries searching for executable .exe files, archived .tar compression packages, hidden files with sensitive information, and bash commands such as
BBQ does this without modifying your .htaccess file, database tables, or production workflow in any way. It simply scans URL requests and blocks them when matching patterns are found.
Note: BBQ is designed and expected to work alongside other major WordPress security plugins. We recommend WP Cerber Security or Wordfence Security.
Below we’ll enable BBQ: Block Bad Queries.
Set Up BBQ: Block Bad Queries
This is a plug-and-play plugin. You can easily install the plugin manually or via WP-CLI (plugin name
block-bad-queries). Below we’ll use the WordPress dashboard.
- Log in to WordPress.
- Install the BBQ: Block Bad Queries plugin.
- Activate the plugin.
- That’s it! Click Settings under Block Bad Queries (BBQ) for a link to its respective WordPress.org page, BBQ Version, and link to the Pro version. You can also view this page under the Settings section on the left.
The Pro version includes more features such as redirect URLs, URL request statistics, and more.
If your security scanner – e.g. ClamAV or Sucuri – reports malware while BBQ is installed, it may have simply found BBQ’s blacklist. Please contact our 24/7 Technical Support for further assistance.
Are you learning more about WordPress security? Read more about WordPress and general web security with the following articles:
- 10 Ways to Secure WordPress with plugins, best security practices, and other configurations
- Check out Sucuri web application firewall (WAF) for improved security and performance
- VPS Hosting offers server-level security features via WebHost Manager (WHM) unavailable to Business Hosting customers: