How to Fight Malicious Website Scans with BBQ: Block Bad Queries

In this article:

WordPress is the most popular content management system (CMS) today. But that doesn’t mean you have to use it for better security. But that’s a discussion for another article.

The developers of the BBQ: Block Bad Queries WordPress security plugin have a standalone PHP script that accomplishes the same goal as its WordPress counterpart. It blocks malicious URL requests to improve web security. Notable examples include file scans for compressed .zip or .tar files, hidden files storing personally identifiable information (PII), and exploitable executable files.

These brute force scans are accomplished with automated programs and a database of known exploitable URLs – e.g. (searching for the Linux password file) and (attempting to create a file on the server).

Below we cover how to block bad (malicious) queries within a PHP website.

Block Bad Queries

  1. Visit
  2. Edit your index.php file or another PHP file that will be requested on every website request – e.g. header.php. If you’re using an HTML file, copy it to a new index.php file and use that new file.
  3. Copy the code under the BBQ standalone PHP script section into the top of your PHP file.
  4. Save the file.
  5. Check your PHP page to ensure none of the code displays on your website.
  6. Try a malicious URL for basic penetration testing (pen-testing) – e.g. It should redirect to a 403 error.


The developer recommends periodically updating the PHP script for improved security.

  1. To do this, download the WordPress plugin from
  2. Open the zip file with 7zip, Winzip, or Engrampa.
  3. Open the block-bad-queries.php file.
  4. Copy the code to replace the PHP code on your website.

Contact the developer at for further assistance. We’ll update this article when notified of changes to the update process.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

Was this article helpful? Let us know!