This forum is for general questions about BBQ Pro. This includes but is not limited to installation, configuration, and basic implementation. For advanced questions, check out the Advanced Topics.
There are 22 posts in this forum.
I’ve used the BBQ (free) plugin on many sites and also made use of the 5G and 6G firewalls in .htaccess files. (I’m happy to have been able to help with the 6G)
I (as always ;-) have a few questions.
With BBQ Pro in place, is there any performance benefit/deficit to keeping 5G & 6G in .htaccess? I do realize that many things would be redundant.
I frequently have used BBQ-free alongside WP Simple Firewall and Wordfence. No one plugin has all of the features that I want and they all seem to play nicely together. I also find that each plugin catches attacks that the others don’t. No plugin gets everything.
Is there a pecking order as to who goes first?
Should BBQP act any differently?
Sites I maintain currently get hammered hard by attacks like…
The offending parameter was “__gads” with a value of “ID=7c9e6611126e7077:T=1436213185:S=ALNI_MbTrDtSdRMJsd0X2F6x9KeIJ8ouUA”
The offending parameter was “sid” with a value of “78791582830x7FCC83C5ACF2A342E223FC6055619C401E41EF968564A39A94AD07C711167891”.
Is it as simple as adding __gad and sid to the custom area of BBQP?
Inquiring minds and all that….
Thanks for all your hard work!
Hi Ken, glad to help:
“With BBQ Pro in place, is there any performance benefit/deficit to keeping 5G & 6G in .htaccess?”
Nope, using both should be fine, although much of 5/6G is incorporated into BBQ Pro.
“Is there a pecking order as to who goes first?”
Good question, I’m not sure how WordPress determines the order in which scripts (plugins) are executed. Maybe ask on the WordPress.org forum?
“Is it as simple as adding __gad and sid to the custom area of BBQP?”
Yep, that’s the idea. Try adding to Query String section and click the test button. Then try requesting some of the variations of the query string that you are seeing in your logs. BBQ Pro should block them all (unless one of your other plugins/.htaccess rules gets to it first).
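The log check suggested in the reply above, as an added example that is not part of the original thread and not BBQ Pro's own code: it pulls query strings out of access-log lines and shows which requests each candidate pattern would match before the pattern goes into the plugin. The log lines are constructed, the function names are hypothetical, and it assumes Apache combined log format and that patterns are applied as case-insensitive regular-expression fragments against the raw query string.

```python
import re
from urllib.parse import urlsplit

# Constructed access-log lines in Apache combined format (not from the thread's logs).
SAMPLE_LOG = """\
203.0.113.5 - - [06/Jul/2015:20:06:25 +0000] "GET /?__gads=ID=0000:T=1:S=constructed HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [06/Jul/2015:20:07:01 +0000] "GET /index.php?sid=CONSTRUCTED0123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Jul/2015:20:08:12 +0000] "GET /?s=president+speech HTTP/1.1" 200 7340 "-" "Mozilla/5.0"
198.51.100.8 - - [06/Jul/2015:20:09:44 +0000] "GET /shop/?page=2&SID=abc HTTP/1.1" 200 6100 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Jul/2015:20:10:03 +0000] "GET /about/ HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

# Request line inside the quoted field of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def query_strings(log_text):
    """Return the raw query string of every logged request that has one."""
    found = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            query = urlsplit(m.group(1)).query
            if query:
                found.append(query)
    return found


def matches(patterns, log_text):
    """Map each candidate pattern to the query strings it would match."""
    queries = query_strings(log_text)
    result = {}
    for pattern in patterns:
        # Assumption: the firewall matches patterns case-insensitively.
        rx = re.compile(pattern, re.IGNORECASE)
        result[pattern] = [q for q in queries if rx.search(q)]
    return result


if __name__ == "__main__":
    candidates = ["__gads", "sid", r"(^|&)sid="]
    for pattern, hits in matches(candidates, SAMPLE_LOG).items():
        print(f"{pattern!r} matches {len(hits)} request(s):")
        for q in hits:
            print("   ", q)
```

In this sample the bare `sid` pattern also matches the ordinary search for "president", while the anchored form matches only requests that actually carry a `sid` parameter.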
Back again… Still playing… ;-)
When I test the various queries, I’m taken to my Home page with the site url and then /?the-query
When I look at my access logs, queries show as a Status 200
Is that the correct behavior or should they be blocked with a 403?
It depends on the setting, “Status Code”. Should be whatever is there.
I have the status code set to 403. All other “additional” security plugins deactivated and vanilla .htaccess
Query tests come up as a 200 status code.
Ah, you are looking at response codes (as recorded in your server logs), not headers (as reported via the browser), correct?
If so then yes, the plugin sends the proper headers but does not change the HTTP response that is recorded by Apache. So for example if you use Live HTTP Headers in Firefox to view the headers for a blocked request, the status header should match up with the plugin settings.
Yes, I was looking at the server logs.
Thanks for the info!
I’m sorry but I’m still a little confused regarding how the plugin affects the .htaccess of my site. After having bought and installed the plugin, I set it up, but the .htaccess of my site was not changed at all. How can the plugin then put in place the 5G/6G firewall rules?!
My WordPress site is installed in a subdirectory. Neither of the two .htaccess files was affected (not the one in the root directory of the site nor the one where wp resides).
Do I need to manually implement the 5G/6G .htaccess firewall too?
Thanks for clarifying this matter.
Glad to help:
1) “How can the plugin then put in place the 5G/6G firewall rules?!”
BBQ Pro includes 5G/6G rules built in, so no need to include them separately via .htaccess.
2) “Do I need to manually implement the 5G/6G .htaccess firewall too?”
Nope, as explained there is no need to add any 5G/6G rules — they are built in to the plugin patterns out of the box, and you can fine-tune them via the Patterns settings/screen.
When you are installing BBQ Pro, make sure you deactivate the free BBQ before activating BBQ Pro! If not, you will get this error message:
Fatal error: Cannot redeclare bbq_core() (previously declared in
/.../wp-content/plugins/block-bad-queries/block-bad-queries.php on line 45
Didn’t deactivate it? Then visit the page through FTP, go to folder /wp-content/plugins/ and rename “bbq-pro” to “zbbq-pro”. Go to the WordPress plugin page, deactivate Block Bad Queries (BBQ) plugin. Then rename “zbbq-pro” back to “bbq-pro” and activate the plugin.
Thanks for reporting this, Rick. Will implement a check for the free version of BBQ in the next plugin update.
Is BBQ Pro “enough security”?
YES, I use other tools in htaccess, Firewall on my server, Fail2Ban etc. and of course using strong passwords, dynamic IP blocking and not using admin as a username. Is there any reason to use other WordPress security plugins? They seem “bloated,” complicated and redundant. That is why I like BBQ Pro - simple and it works…
Hello, just a quick question:
Does BBQ Pro add new tables to the WP database?
Nope, everything is stored as an associative array in the options table.
Fantastic, thank you Jeff!
Hey Jeff. Longtime fan of your work at Perishable Press. And my long .htaccess file is proof! Thanks for offering this plugin at an affordable rate for us small bloggers who don’t make a dime on our hobby. :-)
So I have this massive user agent list and some IPs of foreign bots that I block (I know they could have been spoofed IPs but my audience is primarily U.S. so it’s cool). And, from what I’ve read here, I can leave that blocking code in my .htaccess. But I can’t imagine what happened to all of your .htaccess rules that you created in 5G and 6G? I expected to see it inserted into my .htaccess. Was it rewritten in PHP?
Last question: There are several WP hardening tips in my .htaccess that I got from you and others and I’m wondering if any are done in your bbqpro plugin and should be removed from my .htaccess:
htaccess file protection, blocking access to log files, protecting wp-config, Header set X-XSS-Protection, protecting against d-bag database exploit scans, protecting against drive-by downloads, and blocking use of my content in iframes (the RSSing fix).
Glad to help!
BBQ Pro doesn’t touch anything with .htaccess — it’s all entirely integrated with WordPress. So yes all of the best 5G/6G rules were added to BBQ Pro. So you can either remove 5/6G or leave in place for extra protection.
For the other .htaccess tricks, some things may be covered just due to BBQ’s extensive patterns, but they are not all covered per se. So it’s your call, and you can always test each technique by enabling BBQ’s various patterns, removing one .htaccess technique at a time, and then testing to see if whatever should be blocked is in fact blocked. If that makes sense :)
Hello. I have a big question. I have noticed that archive.org doesn’t cache my website, and while checking the settings in the plugin I noticed something like “archiver” under user agent in “advanced tab”. I am wondering: if I disabled this option (archiver user agent), will archive.org crawl my site and cache the web pages? Thanks.
Unless other factors are preventing the crawl, then yes that should be all that’s required.
After upgrading to WordPress 5.3, I am still unable to update from BBQ Pro ver 2.4 to ver 2.5.
I still receive the error, “An error occurred while updating BBQ Pro: Download failed. Unauthorized”
The changelog notes indicated that WordPress 5.3 was compatible with BBQ Pro 2.5.
Is this going to be fixed?
Thank you very much!
Deactivating and deleting 2.4, and then installing 2.5, fixed the problem. Thank you.
Glad you got it sorted, Marcus. And for the sake of anyone looking, here are step-by-step upgrade instructions and a post about the Unauthorized issue.