---
title: "How to Fight Malicious Website Scans with BBQ: Block Bad Queries"
description: "WordPress is the most popular content management system (CMS) today. But that doesn't mean you have to use it for better security. But that's a discussion..."
url: https://www.inmotionhosting.com/support/website/block-bad-queries/
date: 2019-09-03
modified: 2021-11-19
author: "InMotion Hosting Contributor"
categories: ["Website"]
type: post
lang: en
---

# How to Fight Malicious Website Scans with BBQ: Block Bad Queries

**In this article:**

- [Block Bad Queries](#block)
- [Updates](#update)

WordPress is the most popular content management system (CMS) today, but you don’t have to use it to get better security. That’s a discussion for another article.

The developers of the [BBQ: Block Bad Queries WordPress security plugin](/support/edu/wordpress/how-to-setup-bbq-block-bad-queries-on-wordpress/) have a standalone PHP script that accomplishes the same goal as its WordPress counterpart. It blocks malicious URL requests to improve web security. Notable examples include file scans for compressed .zip or .tar files, hidden files storing personally identifiable information (PII), and exploitable executable files.

These brute force scans are accomplished with automated programs and a database of known exploitable URLs – e.g. domain.com/path-to-file/etc/passwd (searching for the Linux password file) and domain.com/path-to-file/makefile (attempting to create a file on the server).

Below we cover how to block bad (*malicious*) queries within a PHP website.

## Block Bad Queries

1. Visit [https://perishablepress.com/block-bad-queries/](https://perishablepress.com/block-bad-queries/).
2. [Edit your index.php file](/support/website/how-to-edit-a-file/) or another PHP file that is loaded on every request to the website – e.g. header.php. If you’re using an HTML file, copy it to a new index.php file and use that new file.
3. Copy the code under the [BBQ standalone PHP script section](https://perishablepress.com/block-bad-queries/#bbq-php-script) into the top of your PHP file.
4. **Save** the file.
5. Check your PHP page to ensure none of the code displays on your website.
6. Try a malicious URL for basic penetration testing (pen-testing) – e.g. *yourdomain.com/makefile*. It should redirect to a 403 error.
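
To show how a request filter of this kind works once it sits at the top of a PHP file, here is an added example that is not the BBQ script and not code from the original article. The function name `find_bad_pattern`, the pattern list and the sample URIs are assumptions constructed from the probes named above.

```php
<?php
// Added illustration: a simplified request filter, NOT the BBQ script.
// The patterns are constructed from the examples named in this article.

/** Return the pattern that matched the request URI, or null if none did. */
function find_bad_pattern(string $requestUri): ?string
{
    // Check the URI as sent and URL-decoded, so /%2Eenv is caught like /.env.
    $forms = array_unique([$requestUri, rawurldecode($requestUri)]);

    $patterns = [
        '~/etc/passwd~i',                        // Linux password file probe
        '~(^|/)makefile(\?|$)~i',                // build file probe
        '~\.(zip|tar|tgz|tar\.gz)(\?|$)~i',      // compressed archive probe
        '~(^|/)\.(env|git|htpasswd)(/|\?|$)~i',  // hidden file probe
    ];

    foreach ($patterns as $pattern) {
        foreach ($forms as $form) {
            if (preg_match($pattern, $form) === 1) {
                return $pattern;
            }
        }
    }
    return null;
}

// Constructed sample requests; the first two are the article's examples.
$samples = [
    '/path-to-file/etc/passwd',
    '/makefile',
    '/backup.zip',
    '/.env',
    '/%2Eenv',
    '/blog/how-to-write-a-makefile/',   // legitimate page, must not be blocked
    '/index.php?page=2',
];

foreach ($samples as $uri) {
    $hit = find_bad_pattern($uri);
    printf("%-34s %s\n", $uri, $hit === null ? 'allow' : "403 (matched $hit)");
}

// At the top of index.php the same check would run against the live request:
// if (find_bad_pattern($_SERVER['REQUEST_URI'] ?? '') !== null) {
//     http_response_code(403);
//     exit('Forbidden');
// }
```

A filter placed in index.php only sees requests that the web server routes to that file, so the check in step 6 also confirms that the probe URL actually reaches your PHP code.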

### Updates

The developer recommends periodically updating the PHP script for improved security.

1. To do this, [download the WordPress plugin from WordPress.org](/support/edu/wordpress/how-to-setup-bbq-block-bad-queries-on-wordpress/#bbq).
2. Open the zip file with [7zip](https://www.7-zip.org/download.html), Winzip, or [Engrampa](https://www.inmotionhosting.com/support/edu/cpanel/engrampa-archive-manager-linux/).
3. Open the block-bad-queries.php file.
4. Copy the code to replace the PHP code on your website.

Contact the developer at [PerishablePress.com](https://perishablepress.com/contact/) for further assistance. We’ll update this article when notified of changes to the update process.
