Changelog for BBQ Firewall
https://wordpress.org/plugins/block-bad-queries/

> __Tip:__ Use a free markdown tool like https://dillinger.io/ to convert the changelog to a more readable format.

> __Tip:__ Check announcement posts for details about pro updates and related news: https://plugin-planet.com/news/

**2024/03/06**

* Updates plugin settings page
* Updates default translation template
* Improves plugin docs/readme.txt
* Tests on WordPress 6.5 (beta)

**2023/10/26**

* Adds `.msi` to Request URI patterns
* Adds `etc/hosts`, `etc/motd`, `etc/shadow` to Request URI patterns
* Fixes bug with translation on settings page
* Updates default translation template
* Updates custom banner notice
* Tests on WordPress 6.4 (beta)

**2023/07/18**

* Improves localization function
* Improves sanitization of variables
* Updates default translation template
* Adds PHP constant, `BBQ_BASE_FILE`
* Adds custom notice on settings page
* Adds information about BBQ addons
* Improves plugin documentation
* Tests on WordPress 6.3 (beta)

**2023/03/03**

* Adds action hook `bbq_response`
* Adds filter hook `bbq_count_plugin_path`
* Adds button to test firewall active
* Streamlines firewall functionality
* Tweaks styles on plugin settings page
* Appends version number to CSS/JS URLs
* Improves logic when calling `get_current_screen()`
* Adds rate and support links to plugin settings page
* Adds `bbq_long_req_length` filter for long-request length
* Displays blocked count on settings screen (when [enabled](https://perishablepress.com/bbq-firewall-count-blocked-requests/))
* Updates [whitelist/blacklist addons](https://perishablepress.com/bbq-whitelist-blacklist/)
* Updates [customize addon](https://perishablepress.com/customize-bbq-firewall/)
* Adds plugin screenshots on settings page
* Generates new translation template
* Tests on WordPress 6.1 + 6.2 (beta)
* Tests on PHP 8.1 and 8.2

**2022/10/02**

* Adds custom footer text to plugin settings
* Improves plugin documentation
* Updates translation template
* Tests on WordPress 6.1

**2022/05/17**

* Removes `.inc` from firewall patterns
* Tests on WordPress 6.0

**2022/01/22**

* Disables POST data scanning by default
* Tests on WordPress 5.9

**2022/01/18**

* Refactors for improved performance
* Improves checking of POST requests
* Adds filter hook `post_items`
* Adds filter hook `bbq_post_scanning`
* Adds `/.env` to Request URI patterns
* Adds `c99.php` to Request URI patterns
* Updates [blacklist](https://perishablepress.com/bbq-whitelist-blacklist/) and [customize](https://perishablepress.com/customize-bbq-firewall/) addons
* Improves loading of translations
* Updates some links to external resources
* Changes minimum required WP version to 4.6
* Tests on WordPress 5.9

**2021/07/19**

* Removes `ambien` from referrer patterns
* Tests on WordPress 5.8

**2021/02/11**

* Removes `zune` pattern from user agents
* Removes `ninja` pattern from user agents
* Tests on WordPress 5.7

**2020/12/09**

* Tweaks query string pattern for optimal matching
* Further tests on WordPress 5.6

**2020/12/08**

* Removes `order` pattern from Query String rules
* Removes `ahrefs` pattern from User Agent rules

**2020/11/23**

* Removes `python` from the User Agent rules
* Adds filter for URI long-request blocking
* Adds filter for enabling logging of blocked requests
* Releases [customize plugin](https://perishablepress.com/customize-bbq-firewall/) to change default functionality
* Further tests on WordPress 5.6

**2020/11/16**

* Improves XSS protection
* Improves logic of `bbq_core()`
* Integrates 7G patterns to firewall rules
* Removes some redundant firewall patterns
* Adds protection against excessive characters
* Adds logging functionality (disabled by default)
* Adds filter hooks to customize blocked response
* Replaces `guangxiymcd` with `www\.(.*)\.cn`
* Changes plugin name to "BBQ Firewall"
* Updates default translation template
* Updates/refines readme.txt
* Tests on PHP 7.4 and 8.0
* Tests on WordPress 5.6

**2020/08/11**

* Replaces `guangxiymcd` with wildcard match `www.(.*).cn`
* Refines readme/documentation
* Tests on WordPress 5.5

**2020/07/06**

* Adds `guangxiymcd` to Request URI and Query String patterns
* Tests on WordPress 5.4 + 5.5 (alpha)

**2020/03/19**

* Tests on WordPress 5.4

**2019/11/09**

* Changes to `plugins_url()` for `BBQ_URL` constant
* Tests on WordPress 5.3

**2019/09/02**

* Updates some links to https
* Tests on WordPress 5.3 (alpha)

**2019/05/01**

* Bumps [minimum PHP version](https://codex.wordpress.org/Template:Server_requirements) to 5.6.20
* Adds activation check if BBQ Pro is active
* Updates default translation template
* Tests on WordPress 5.2

**2019/03/11**

* Improves function `bbq_action_links()`
* Refines plugin settings screen UI
* Generates new default translation template
* Tests on WordPress 5.1 and 5.2 (alpha)

**2019/02/20**

* Tests on WordPress 5.1

**2018/11/17**

* Adds homepage link to Plugins screen
* Updates default translation template
* Tests on WordPress 5.0

**2018/08/21**

* Removes `.tar` from Request URI patterns
* Adds `rel="noopener noreferrer"` to all [blank-target links](https://perishablepress.com/wordpress-blank-target-vulnerability/)
* Updates GDPR blurb and donate link
* Regenerates default translation template
* Further tests on WP 4.9 and 5.0 (alpha)

**2018/05/11**

* Adds `xrumer` to blocked query strings and request URIs
* Adds `indoxploi` to blocked query strings and request URIs
* Generates new translation template
* Tests on WordPress 5.0

**2017/11/01**

* Updates readme.txt :)
* Tests on WordPress 4.9

**2017/10/19**

* Changes `\/\.tar` to `\.tar` in Request patterns
* Changes `\/\.bash` to `\.bash` in Request patterns
* Adds new User Agent patterns: `shellshock`, `md5sum`, `\/bin\/bash`
* Adds new Request patterns: `@@`, `@eval`, `\/file\:`, `\/php\:`, `\.cmd`, `\.bat`, `\.htacc`, `\.htpas`, `\.pass`, `usr\/bin\/perl`, `var\/lib\/php`, `wp-config\.php`
* Adds new Query String patterns: `@@`, `\(0x`, `0x3c62723e`, `\(\)\}`, `\:\;\}\;`, `\;\!--\=`, `@eval`, `eval\(`, `base64_`, `UNION(.*)SELECT`, `\/config\.`, `\/wwwroot`, `\/makefile`, `\$_session`, `\$_request`, `\$_env`, `\$_server`, `\$_post`, `\$_get`, `phpinfo\(`, `shell_exec\(`, `file_get_contents`, `allow_url_include`, `disable_functions`, `auto_prepend_file`, `open_basedir`, `(benchmark|sleep)(\s|%20)*\(`
* Tests on WordPress 4.9

**2017/07/30**

* Changed menu item name to "BBQ Firewall"
* Tests on WordPress 4.9 (alpha)

**2017/03/22**

* Adds plugin settings page
* Adds French translation (thanks to Bouzin)
* Generates new default translation template
* Tests on WordPress version 4.8

**2016/11/14**

* Replaces `esc_html` with `esc_attr` for link title attributes
* Changes stable tag from trunk to latest version
* Adds `»` to rate this plugin link
* Updates URL for rate this plugin link
* Moves "Go Pro" link to action links
* Renames action/meta link functions
* Updates default translation template
* Tests on WordPress version 4.7 (beta)

**2016/08/10**

* Added translation support
* Added plugin icons and larger banner
* General fine-tuning and testing
* Tested on WordPress 4.6

**2016/03/28**

* Removed `\:\/\/` from Request URI and Query String patterns (see [this thread](https://wordpress.org/support/topic/redirection-blocked))
* Added `(benchmark|sleep)(\s|%20)*\(` to Request URI patterns (thanks to [smitka](https://wordpress.org/support/topic/idea-better-sqli-filter))
* Tested on WordPress 3.5 beta

**2015/11/07**

* Added `\.php\([0-9]+\)`, `__hdhdhd.php` to URI patterns (Thanks to [George Lerner](https://www.glerner.com/))
* Added `acapbot`, `semalt` to User Agent patterns (Thanks to [George Lerner](https://www.glerner.com/))
* Replaced `UNION.*SELECT` with `UNION(.*)SELECT` in Request URI patterns
* Added `morfeus`, `snoopy` to User Agent patterns
* Refactored redirect/exit functionality
* Renamed `rate_bbq()` to `bbq_links()`
* Tested with WordPress 4.4 beta

**2015/08/08**

* Tested on WordPress 4.3
* Updated minimum version requirement
* Highlighted Pro link on Plugins screen

**2015/06/24**

* Replaced `UNION\+SELECT` with `UNION.*SELECT`
* Added `wp-config.php` to query-string patterns
* Added plugin link to [BBQ Pro](https://plugin-planet.com/bbq-pro/)
* Testing on WP 4.3 (alpha)

**2015/05/07**

* Tested with WP 4.2 and 4.3 (alpha)
* Replaced some `http` with `https` in readme.txt

**2015/03/14**

* introduce `bbq_core()`
* tested on latest WP
* tightened up code

**2014/09/22**

* tested on latest version of WordPress (4.0)
* retested on Multisite
* increased minimum version requirement to WP 3.7

**2014/03/05**

* Bugfix: added conditional checks for empty variables

**2014/01/23**

* tested on latest version of WordPress (3.8)
* added link to rate plugin

**2013/11/03**

* removed `?>` from script
* added optional line for blocking long URLs
* added line to prevent direct access to BBQ script
* added `\;Nt\.`, `\=Nt\.`, `\,Nt\.` to request URI items
* tested on latest version of WordPress (3.7)

**2013/07/07**

* replaced `Nt\.` with `\/Nt\.` (resolves comment editing/approval issue)

**2013/07/05**

* removed `https\:` (from previous version)
* replaced `\/https\/` with `\/https\:`
* replaced `\/http\/` with `\/http\:`
* replaced `\/ftp\/` with `\/ftp\:`

**2013/07/04**

* removed block for `jakarta` in user-agents
* removed `union` from query strings
* added to request-URI: `\%2Flocalhost`, `Nt\.`, `https\:`, `\.exec\(`, `\)\.html\(`, `\{x\.html\(`, `\(function\(`
* resolved PHP Notice "Undefined Index" via `isset()`

**2013/01/03**

* removed block for `CONCAT` in request-URI
* removed block for `environ` in query-string
* removed block for `%3C` and `%3E` in query-string
* removed block for `%22` and `%27` in query-string
* removed block for `[` and `]` in query-string (to allow unsafe characters used in WordPress)
* removed block for `?` in query-string (to allow unsafe character used in WordPress)
* removed block for `:` in query-string (to allow unsafe character used by Google)
* removed block for `libwww` in user-agents (to allow access to Lynx browser)

**2012/11/08**

* Removed `:` match from query string (Google disregards encoding)
* Removed `scanner` from query string match
* Streamlined source code for better performance (thanks to juliobox)

**Older versions**

* 2012/10/27 - Disabled check for long strings, disabled check for scanner
* 2012/10/26 - Rebuilt plugin using 5G/6G technology
* 2011/02/21 - Updated readme.txt file
* 2009/12/30 - Added check for admin users
* 2009/12/30 - Additional request strings added