Plugin Planet

Premium WordPress Plugins

This forum is for general questions about BBQ Pro. This includes but is not limited to installation, configuration, and basic implementation. For advanced questions, check out the Advanced Topics.


Forum : BBQ Pro – General Topics

  1. Ken Dawes, July 6, 2015

    Hi!

    I’ve used the BBQ (free) plugin on many sites and also made use of the 5G and 6G firewalls in .htaccess files. (I’m happy to have been able to help with the 6G)

    I (as always ;-) have a few questions.

    With BBQ Pro in place, is there any performance benefit/deficit to keeping 5G & 6G in .htaccess? I do realize that many things would be redundant.

    I frequently have used BBQ-free alongside WP Simple Firewall and Wordfence. No one plugin has all of the features that I want and they all seem to play nicely together. I also find that each plugin catches attacks that the others don’t. No plugin gets everything.

    Is there a pecking order as to who goes first?

    Should BBQP act any differently?

    Sites I maintain currently get hammered hard by attacks like…

    The offending parameter was “__gads” with a value of “ID=7c9e6611126e7077:T=1436213185:S=ALNI_MbTrDtSdRMJsd0X2F6x9KeIJ8ouUA”

    and…

    The offending parameter was “sid” with a value of “78791582830x7FCC83C5ACF2A342E223FC6055619C401E41EF968564A39A94AD07C711167891”.

    Is it as simple as adding __gad and sid to the custom area of BBQP?

    Inquiring minds and all that….

    Thanks for all your hard work!
    Ken

  2. Jeff Starr, July 7, 2015

    Hi Ken, glad to help:

    “With BBQ Pro in place, is there any performance benefit/deficit to keeping 5G & 6G in .htaccess?”

    Nope, using both should be fine, although much of 5/6G is incorporated into BBQ Pro.

    “Is there a pecking order as to who goes first?”

    Good question, I’m not sure how WordPress determines the order in which scripts (plugins) are executed. Maybe ask on the WordPress.org forum?

    “Is it as simple as adding __gad and sid to the custom area of BBQP?”

    Yep, that’s the idea. Try adding to Query String section and click the test button. Then try requesting some of the variations of the query string that you are seeing in your logs. BBQ Pro should block them all (unless one of your other plugins/.htaccess rules gets to it first).
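
A way to pre-test candidate patterns against query strings from your logs before saving them, shown as an added example that is not part of the original posts and is not BBQ Pro's code. It assumes custom patterns are matched as case-insensitive regular-expression fragments anywhere in the query string; the sample query strings and the anchored patterns are constructed for illustration.

```python
import re

# Constructed samples: (query string, should_be_blocked).
# The first three are modelled on the blocked requests quoted in the thread,
# the rest are benign requests invented for this example.
SAMPLES = [
    ("__gads=ID=abc:T=1:S=xyz", True),
    ("sid=7879x7FCC", True),
    ("page=2&SID=abc123", True),
    ("s=inside+sales", False),
    ("utm_source=news&residence=us", False),
    ("p=42", False),
]

# The two strings proposed in the thread, used as bare fragments.
BARE = ["__gad", "sid"]
# Hypothetical tightened forms: match only a parameter *name* at the start
# of the query string or right after an "&".
ANCHORED = [r"(^|&)__gads=", r"(^|&)sid="]


def compile_patterns(patterns):
    """Join fragments into one case-insensitive alternation (assumed model)."""
    return re.compile("|".join(patterns), re.IGNORECASE)


def evaluate(patterns, samples):
    """Return (false_positives, missed) for a pattern list over labelled samples."""
    rx = compile_patterns(patterns)
    false_pos = [q for q, bad in samples if not bad and rx.search(q)]
    missed = [q for q, bad in samples if bad and not rx.search(q)]
    return false_pos, missed


if __name__ == "__main__":
    for name, pats in (("bare", BARE), ("anchored", ANCHORED)):
        fp, missed = evaluate(pats, SAMPLES)
        print(f"{name}: false positives={fp} missed={missed}")
```

Under this matching model a bare `sid` also blocks ordinary requests whose query string merely contains those letters, so run the check over real log lines before relying on a short pattern.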

  3. Ken Dawes, July 7, 2015

    Hi Jeff,
    Back again… Still playing… ;-)

    When I test the various queries, I’m taken to my Home page with the site url and then /?the-query

    When I look at my access logs, queries show as a Status 200

    Is that the correct behavior or should they be blocked with a 403?

    Thanks!

  4. Jeff Starr, July 7, 2015

    It depends on the setting, “Status Code”. Should be whatever is there.

  5. Ken Dawes, July 7, 2015

    I have the status code set to 403. All other “additional” security plugins deactivated and vanilla .htaccess

    Query tests come up as a 200 status code.

    • Jeff Starr, July 7, 2015

      Ah, you are looking at response codes (as recorded in your server logs), not headers (as reported via the browser), correct?

      If so then yes, the plugin sends the proper headers but does not change the HTTP response that is recorded by Apache. So for example if you use Live HTTP Headers in Firefox to view the headers for a blocked request, the status header should match up with the plugin settings.

      • Ken Dawes, July 8, 2015

        Yes, I was looking at the server logs.

        Thanks for the info!

  6. Valeriano Della Longa, October 4, 2015

    Hi,
    I’m sorry but I’m still a little confused regarding how the plugin affects the .htaccess of my site. After having bought and installed the plugin, I set it up, but the .htaccess of my site was not changed at all. How can the plugin then put in place the 5G/6G firewall rules?!

    My WordPress site is installed in a subdirectory. Neither of the two .htaccess files was affected (not the one in the root directory of the site nor the one where WP resides).

    Do I need to manually implement the 5G/6G .htaccess firewall too?

    Thanks for clarifying this matter.

    • Jeff Starr, December 19, 2015

      Hi Valeriano,

      Glad to help:

      1) “How can the plugin then put in place the 5G/6G firewall rules?!”

      BBQ Pro includes 5G/6G rules built in, so no need to include them separately via .htaccess.

      2) “Do I need to manually implement the 5G/6G .htaccess firewall too?”

      Nope, as explained there is no need to add any 5G/6G rules — they are built in to the plugin patterns out of the box, and you can fine-tune them via the Patterns settings/screen.

  7. Rick, November 15, 2015

    When you are installing BBQ Pro, make sure you deactivate the free BBQ before activating BBQ Pro! If not, you will get this error message:

    Fatal error: Cannot redeclare bbq_core() (previously declared in /.../wp-content/plugins/bbq-pro/bbq-pro.php:187) in /.../wp-content/plugins/block-bad-queries/block-bad-queries.php on line 45

    Didn’t deactivate it? Then visit the page through FTP, go to folder /wp-content/plugins/ and rename “bbq-pro” to “zbbq-pro”. Go to the WordPress plugin page, deactivate Block Bad Queries (BBQ) plugin. Then rename “zbbq-pro” back to “bbq-pro” and activate the plugin.

    • Jeff Starr, December 19, 2015

      Thanks for reporting this, Rick. Will implement a check for the free version of BBQ in the next plugin update.

  8. Frank Gomez, March 18, 2016

    Is BBQ Pro “enough security”?

    YES, I use other tools in htaccess, Firewall on my server, Fail2Ban etc. and of course using strong passwords, dynamic IP blocking and not using admin as a username – is there any reason to use other WordPress security plugins? They seem “bloated,” complicated and redundant. That is why I like BBQ Pro - simple and it works…

  9. Michele Iannello, July 11, 2016

    Hello, just a quick question:

    Does BBQ Pro add new tables to the WP database?

    Thank you.

  10. Douglas Marquardt, August 24, 2016

    Hey Jeff. Longtime fan of your work at Perishable Press. And my long .htaccess file is proof! Thanks for offering this plugin at an affordable rate for us small bloggers who don’t make a dime on our hobby. :-)

    So I have this massive user agent list and some IPs of foreign bots that I block (I know they could have been spoofed IPs but my audience is primarily U.S. so it’s cool). And, from what I’ve read here, I can leave that blocking code in my .htaccess. But I can’t imagine what happened to all of your .htaccess rules that you created in 5G and 6G? I expected to see it inserted into my .htaccess. Was it rewritten in PHP?

    Last question: There are several WP hardening tips in my .htaccess that I got from you and others and I’m wondering if any are done in your bbqpro plugin and should be removed from my .htaccess:

    htaccess file protection, blocking access to log files, protecting wp-config, Header set X-XSS-Protection, protecting against d-bag database exploit scans, protecting against drive-by downloads, and blocking use of my content in iframes (the RSSing fix).

    Thanks! Doug

    • Jeff Starr, November 26, 2016

      Hey Doug,

      Glad to help!

      BBQ Pro doesn’t touch anything with .htaccess — it’s all entirely integrated with WordPress. So yes, all of the best 5G/6G rules were added to BBQ Pro. So you can either remove 5/6G or leave it in place for extra protection.

      For the other .htaccess tricks, some things may be covered just due to BBQ’s extensive patterns, but they are not all covered per se. So it’s your call, and you can always test each technique by enabling BBQ’s various patterns, removing one .htaccess technique at a time, and then testing to see if whatever should be blocked is in fact blocked. If that makes sense :)
