=== BBQ Pro ===

Plugin Name: BBQ Pro
Plugin URI: https://plugin-planet.com/bbq-pro/
Description: The fastest WordPress firewall plugin. Advanced protection against malicious requests.
Tags: security, protect, firewall, php, eval, malicious, url, request, blacklist
Author: Jeff Starr
Contributors: specialk
Author URI: https://plugin-planet.com/
Donate link: https://monzillamedia.com/donate.html
Requires at least: 4.1
Tested up to: 5.4
Stable tag: 2.7
Version: 2.7
Requires PHP: 5.6.20
Text Domain: bbq-pro
Domain Path: /languages
License: BBQ Pro is comprised of two parts (see "License" section below for details)

The fastest WordPress firewall plugin. Advanced protection against malicious requests.

== Description ==

> BBQ = Block Bad Queries

[BBQ Pro](https://plugin-planet.com/bbq-pro/) helps keep your WordPress site safe and secure by blocking attacks and bad requests. This helps to conserve precious server resources like memory and bandwidth.

BBQ Pro is built to be extensible, flexible, and blazing fast. It checks all incoming traffic and quietly blocks any URI requests that contain nasty stuff like `eval(`, `base64(`, `exec(`, and other malicious nonsense.

BBQ Pro is fully customizable, giving you control over every pattern and rule. You can edit, remove, add, and/or test BBQ patterns via easy-to-use settings screens.
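The kind of check described above, as an added example that is not BBQ Pro's source code: each request field is tested against a list of patterns, with an optional decoding step like the "Strict Mode" (`rawurldecode()`) setting listed in the changelog. Assumptions: the function name `scan_request()` is hypothetical, plain case-insensitive substring matching stands in for however the plugin applies its patterns, the sample requests are constructed, and the code needs PHP 7.1 or later. The patterns themselves are ones quoted in this readme.

```php
<?php
// Added illustration, not BBQ Pro's source. scan_request() is a hypothetical name,
// and plain substring matching is an assumption about how patterns are applied.

// Patterns quoted in this readme, keyed by the request field they are checked against.
$patterns = [
    'request_uri'  => ['eval(', 'base64(', 'exec('],
    'query_string' => ['base64(', 'phpinfo(', 'shell_exec('],
    'user_agent'   => ['shellshock', 'md5sum', '/bin/bash'],
];

/**
 * Return [field, pattern] for the first match, or null if nothing matches.
 * $strict = true decodes percent-encoding with rawurldecode() before matching.
 */
function scan_request(array $fields, array $patterns, bool $strict = false): ?array
{
    foreach ($patterns as $field => $list) {
        $value = (string) ($fields[$field] ?? '');
        if ($strict) {
            $value = rawurldecode($value);
        }
        foreach ($list as $pattern) {
            // Case-insensitive substring test; empty patterns are skipped.
            if ($pattern !== '' && stripos($value, $pattern) !== false) {
                return [$field, $pattern];
            }
        }
    }
    return null;
}

// Constructed sample requests (not real traffic).
$samples = [
    'clean'   => ['request_uri' => '/blog/?p=12', 'query_string' => 'p=12', 'user_agent' => 'Mozilla/5.0'],
    'literal' => ['request_uri' => '/?x=phpinfo()', 'query_string' => 'x=phpinfo()', 'user_agent' => 'Mozilla/5.0'],
    'encoded' => ['request_uri' => '/?x=phpinfo%28%29', 'query_string' => 'x=phpinfo%28%29', 'user_agent' => 'Mozilla/5.0'],
    'agent'   => ['request_uri' => '/', 'query_string' => '', 'user_agent' => 'md5sum-probe/1.0'],
];

foreach ($samples as $name => $fields) {
    foreach ([false, true] as $strict) {
        $hit = scan_request($fields, $patterns, $strict);
        $verdict = $hit ? "blocked ({$hit[0]}: {$hit[1]})" : 'allowed';
        printf("%-8s strict=%d  %s\n", $name, $strict, $verdict);
    }
}
```

The `encoded` sample is the only one whose verdict depends on `$strict`.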
**Features**

* Plug-n-play functionality
* No configuration required
* Born of simplicity, no frills
* Lightweight, fast and flexible
* Regularly updated and "future proof"
* Advanced protection against malicious requests
* Works silently behind the scenes to protect your site
* Advanced configuration via easy-to-use settings screen
* Scans all incoming traffic, option to disable for logged-in users
* Option to specify a redirect URL for blocked requests
* Option to display a custom message for all blocked requests
* Set your own Status Code for blocked requests
* Customize (add/remove/edit) BBQ patterns to suit your security strategy
* Tracks the number of times each BBQ pattern blocks a request
* Built-in "test" buttons to test each BBQ pattern
* Scan for malicious strings in the Request URI, Query String, User Agent, IP Address, and Referrer
* Add your own custom patterns to BBQ to protect against new threats and unwanted requests
* Includes tools to reset options, patterns, and statistics
* Protects against [user-ID phishing](https://plugin-planet.com/bbq-pro-block-user-id-phishing/)
* Powered by [5G Blacklist](https://perishablepress.com/5g-blacklist-2013/), [6G Blacklist](https://perishablepress.com/6g-beta/), and 10+ years of hands-on security experience
* NEW! Optional whitelisting of IP addresses

BBQ Pro is the premium version of the [Block Bad Queries (BBQ) WordPress plugin](https://wordpress.org/plugins/block-bad-queries/).

[Learn more about BBQ Pro »](https://plugin-planet.com/bbq-pro/)

**Privacy**

This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.

> Works perfectly with or without Gutenberg

== Screenshots ==

[Screenshots available at Plugin Planet](https://plugin-planet.com/bbq-pro/#screenshots)

== Installation ==

= Installing BBQ Pro =

1. Download a zipped copy of BBQ Pro from Plugin Planet
2. Unzip and upload the `/bbq-pro/` folder to `/wp-content/plugins/`
3. Visit the WordPress Plugins screen to activate BBQ Pro
4. Visit BBQ Pro License to activate the license
5. Visit BBQ Pro Settings to configure options

Step 5 is optional; by default BBQ Pro works just like the free version of BBQ, silently protecting your site with no configuration required. To customize the plugin, visit the BBQ Settings and BBQ Patterns.

Note: BBQ includes complete inline documentation; click the "Help" tab in the upper-right corner of any BBQ settings screen for more information.

[Get started using BBQ Pro](https://plugin-planet.com/bbq-pro-quick-start/)

[More info on installing WP plugins](https://codex.wordpress.org/Managing_Plugins#Installing_Plugins)

**Like the plugin?**

If you like BBQ Pro, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!

== Upgrade Notice ==

__Upgrades:__ Your purchase of USP Pro includes free lifetime upgrades, which include new features, bug fixes, and other improvements. When an upgrade is available, WordPress will notify you in the Admin Area. When you see that there is an update available, just click "Update" and WordPress will perform the upgrade automatically. Note that you can [download the latest version of USP Pro at Plugin Planet](https://plugin-planet.com/download-purchased-plugin/) anytime at your convenience.

**New BBQ Patterns**

When new patterns are available, they can be enabled via "Reset Patterns" under the Tools menu.

**Uninstall/Reset**

At any time you may visit the "Tools" screen to reset default settings, patterns, and statistics. Also, uninstalling the plugin from the WP Plugins screen results in the removal of all settings and data from the WP database.
== Usage ==

* Install, activate, and done -- no configuration required for basic BBQ protection
* To configure plugin settings, visit BBQ's "Settings" screen
* To customize the patterns used to block bad requests, visit BBQ's "Patterns" screen
* To reset settings, patterns, and statistics, visit BBQ's "Tools" screen
* To enter your license and enable the plugin, visit BBQ's "License" screen

Note: BBQ includes complete inline documentation; click the "Help" tab in the upper-right corner of any BBQ settings screen for more information.

== Resources ==

= Getting started =

* [BBQ Pro Homepage](https://plugin-planet.com/bbq-pro/)
* [BBQ Pro Quick Start Guide](https://plugin-planet.com/bbq-pro-quick-start/)
* [BBQ Pro readme.txt](https://plugin-planet.com/wp/files/bbq-pro/readme.txt)
* [BBQ Pro Settings](https://plugin-planet.com/bbq-pro-settings/)
* [BBQ Pro FAQs](https://plugin-planet.com/bbq-pro-faqs/)

= License Information =

* [Guide: Install Plugin](https://plugin-planet.com/install-plugin/)
* [Guide: Get plugin license key](https://plugin-planet.com/get-license-key/)
* [Guide: Activate Plugin License](https://plugin-planet.com/activate-deactivate-plugin-license/)
* [More info on installing WP plugins](https://codex.wordpress.org/Managing_Plugins#Installing_Plugins)

= Further resources =

* [BBQ Pro Docs](https://plugin-planet.com/docs/bbq/)
* [BBQ Pro Forum](https://plugin-planet.com/forum/bbq/)
* [BBQ Pro Tutorials](https://plugin-planet.com/category/tuts+bbq-pro/)
* [BBQ Pro News](https://plugin-planet.com/category/news+bbq-pro/)

= Feedback and downloads =

* [Bug reports, help requests, and feedback](https://plugin-planet.com/bbq-pro/#contact)
* [Log in to your account for current downloads](https://plugin-planet.com/wp/wp-login.php)

= Screenshots and more =

* [Learn more about BBQ Pro](https://plugin-planet.com/bbq-pro/)
* [Screenshots and more available](https://plugin-planet.com/bbq-pro/#screenshots)

== Frequently Asked Questions ==

[Check out the BBQ Pro FAQs at Plugin Planet »](https://plugin-planet.com/bbq-pro-faqs/)

== License ==

The BBQ Pro license is comprised of two parts:

* Part 1: Its PHP code is licensed under the GPL (v2 or later), like WordPress. More info @ https://www.gnu.org/licenses/
* Part 2: Everything else (e.g., CSS, HTML, JavaScript, images, design) is licensed according to the purchased license. More info @ https://plugin-planet.com/bbq-pro/

Without prior written consent from Monzilla Media, you must NOT directly or indirectly: license, sub-license, sell, resell, or provide for free any aspect or component of Part 2.

Further license information is available in the plugin directory, `/license/`, and online @ https://plugin-planet.com/wp/files/bbq-pro/license.txt

Upgrades: Your purchase of BBQ Pro includes free lifetime upgrades, which include new features, bug fixes, and other improvements.

Copyright 2020 Monzilla Media. All rights reserved.

== Check out my other plugins! ==

Free WordPress plugins:

* [Banhammer](https://wordpress.org/plugins/banhammer/)
* [Host Header Injection Fix](https://wordpress.org/plugins/host-header-injection-fix/)
* [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-bad-bots/)
* [BBQ: Block Bad Queries](https://wordpress.org/plugins/block-bad-queries/)
* [Contact Coldform](https://wordpress.org/plugins/contact-coldform/)
* [Dashboard Widgets Suite](https://wordpress.org/plugins/dashboard-widgets-suite/)
* [GA Google Analytics](https://wordpress.org/plugins/ga-google-analytics/)
* [Head Meta Data](https://wordpress.org/plugins/head-meta-data/)
* [Show Support Ribbon](https://wordpress.org/plugins/show-support-ribbon/)
* [Simple Ajax Chat](https://wordpress.org/plugins/simple-ajax-chat/)
* [Simple Basic Contact Form](https://wordpress.org/plugins/simple-basic-contact-form/)
* [Simple Blog Stats](https://wordpress.org/plugins/simple-blog-stats/)
* [Simple Custom Content](https://wordpress.org/plugins/simple-custom-content/)
* [Simple Feed Stats](https://wordpress.org/plugins/simple-feed-stats/)
* [User Submitted Posts](https://wordpress.org/plugins/user-submitted-posts/)
* [Theme Switcha](https://wordpress.org/plugins/theme-switcha/)
* [Prismatic](https://wordpress.org/plugins/prismatic/)

Premium WordPress plugins:

* [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Super fast WordPress firewall
* [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Automatically block bad bots
* [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) - Monitor traffic and ban the bad guys
* [GA Google Analytics Pro](https://plugin-planet.com/ga-google-analytics-pro/) - Connect your WordPress to Google Analytics
* [USP Pro](https://plugin-planet.com/usp-pro/) - Unlimited front-end forms

More awesome plugins on the way :)

== Changelog ==

If you like BBQ Pro, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!

= 2.7 (2020/03/27) =

* Adds new default firewall patterns
* Tests on WordPress 5.4

= 2.6 (2019/11/19) =

* Updates styles for plugin settings page
* Generates new default translation template
* Tests on WordPress 5.3

= 2.5 (2019/09/07) =

* Adds option to send email alerts for blocked requests
* Tests with updated [BBQ Logging Plugin](https://plugin-planet.com/bbq-pro-log-requests/)
* Adds filter hook `bbq_send_alerts_site`
* Adds filter hook `bbq_send_alerts_subject`
* Adds `%c` pattern to display the blocked count
* Updates contextual Help information
* Updates some links to https
* Updates information on plugin page
* Generates new default translation template
* Tests on WordPress 5.3 (alpha)

= 2.4 (2019/05/02) =

* Refines BBQ License screen UI
* Fixes bug when activating pro when free version is active
* Bumps [minimum PHP version](https://codex.wordpress.org/Template:Server_requirements) to 5.6.20
* Updates default translation template
* Tests on WordPress 5.2

= 2.3 (2019/03/21) =

* Adds function `plugin_links()`
* Improves function `check_bbq()`
* Improves function `bbq_action_links()`
* Improves display of plugin License screen
* Improves functionality for one-click plugin updates
* Replaces `hurl.it` with [askapache.com](https://www.askapache.com/online-tools/http-headers-tool/) in Help tab
* Adds check for admin user for settings shortcut link
* Refines plugin settings screen UI
* Generates new default translation template
* Tests on WordPress 5.1 and 5.2 (alpha)

= 2.2 (2018/11/18) =

* Updates default translation template
* Tests on WordPress 5.0 (beta)

= 2.1 (2018/08/22) =

* Adds `rel="noopener noreferrer"` to all [blank-target links](https://perishablepress.com/wordpress-blank-target-vulnerability/)
* Updates GDPR blurb and donate link
* Regenerates default translation template
* Further tests on WP 4.9 and 5.0 (alpha)

= 2.0 (2018/05/11) =

New patterns available! See "Upgrade Notice" in plugin documentation or readme.txt.

* Adds `rel="noopener noreferrer"` to blank targets
* Updates default set of whitelisted IP addresses
* Updates info in plugin Help tabs on settings page
* Disables error logging of invalid IP addresses
* Renames the "Patterns" menu to "Firewall"
* Replaces `requestmaker.com` with `hurl.it`
* Adds `indoxploi` to query string and request URI patterns
* Adds `xrumer` to query string and request URI patterns
* Generates new translation template
* Updates plugin image files
* Tests on WordPress 5.0 (alpha)

= 1.9 (2017/11/10) =

* Changes `/.tar` to `.tar` in Request patterns
* Changes `/.bash` to `.bash` in Request patterns
* Adds new Basic User Agent Patterns: `shellshock`, `md5sum`, `/bin/bash`
* Adds new Advanced Request Patterns: `@@`, `@eval`, `/file:`, `/php:`, `.cmd`, `.bat`, `.htacc`, `.htpas`, `.pass`, `usr/bin/perl`, `var/lib/php`
* Adds new Advanced Query String Patterns: `/config.`, `/wwwroot`, `/makefile`, `$_session`, `$_request`, `$_env`, `$_server`, `$_post`, `$_get`, `@@`, `(0x`, `0x3c62723e`, `;!--=`
* Adds new Basic Query String Patterns: `@eval`, `base64_`, `phpinfo(`, `shell_exec(`, `benchmark(`, `sleep(`, `union(`, `)select`, `file_get_contents`, `allow_url_include`, `disable_functions`, `auto_prepend_file`, `open_basedir`
* New addon: Reset Patterns (mu-plugin)
* Adds filter hook: `bbq_i18n_locale`
* Improves `load_i18n()` for better translation loading
* Updates `EDD_SL_Plugin_Updater` to [version 1.6.13](https://bit.ly/2yqX3yu)
* Regenerates default translation template
* Tests on WordPress 4.9

= 1.8.1 (2017/08/13) =

* Improves test-URL functionality
* Removes some redundant patterns: `.exec(`, `.aspx`, `);$(this).html(`, `/playing.php`, `/pingserver.php`
* Tests on WordPress 4.9 (alpha)

= 1.8 (2017/07/30) =

* Adds support for CIDR notation for whitelist IPs
* New installs automatically add server IP address to whitelist setting
* Updates Help tab on plugin settings page
* Replaces jQuery `.live()` with `.on()`
* Tests on WordPress 4.9 (alpha)

= 1.7 (2017/03/28) =

* Tweaks CSS on BBQ settings page
* Adds new filter hook `bbq_ip_keys`
* Changes link/URL on BBQ License page
* Updates the licensing updater script
* Adds some missing translation strings
* Adds French translation (thanks to Bouzin)
* Enables wildcard matching for whitelisted IPs
* Replaces global `$wp_version` with `get_bloginfo('version')`
* Generates new default translation template
* Tests on WordPress version 4.8

= 1.6 (2016/11/21) =

* Replaced `esc_url` with `esc_url_raw` in `bbq()`
* Added missing default setting for `whitelist_ips`
* Added `/bin/bash` to Advanced Request URIs
* Removed default styles for abbr on plugin page
* Changed stable tag from trunk to latest version
* Tested on WordPress version 4.7 (beta)

= 1.5 (2016/08/16) =

New patterns available! See "Upgrade Notice" in readme.txt.

* Improved IP-detection protocols for better accuracy
* Added setting to optionally whitelist any IP addresses
* Added new filter hook, `bbq_ip_filter`
* Updates [WP Admin Notices](https://digwp.com/2016/05/wordpress-admin-notices/)
* Replaced `_e()` with `esc_html_e()` or `esc_attr_e()`
* Replaced `__()` with `esc_html__()` or `esc_attr__()`
* Improved translation support
* Renamed `/lang/` to `/languages/`
* Generated new translation template
* Changed text-domain from "bbq" to "bbq-pro"
* Replaced BBQ Pro icon with hi-rez/retina version
* Added ".aspx" to Basic patterns
* Replaced "proc/self/environ" with "self/environ" in Basic patterns
* Removed "docomo" from Advanced UA patterns
* Added "seekerspider" to Advanced UA patterns
* Replaced "muieblackcat" with "muieblack" in Advanced patterns
* Added "/shell.php", "benchmark(", "sleep(", "&pws=0", ".bak" to Advanced patterns
* Tested on WordPress 4.6

= 1.4 (2016/03/28) =

New patterns available! See "Upgrade Notice" in readme.txt.

* Added "sitesucker" to Basic UA patterns
* Added "base64(" to Basic Request URI and Query String patterns
* Renamed bbq_core to bbq__core to avoid conflict with free version
* Improved system checks for required WP version and free version
* Added (array) to $bbq_patterns loop in bbq-core.php
* Updated handling of license update status
* Updated License screen interface
* Updated plugin updater class to 1.6.3
* Tested on WordPress 4.5 beta

= 1.3.1 (2015/11/23) =

* Added isset() to check for new strict_mode setting

= 1.3 (2015/11/18) =

New patterns available! See "Upgrade Notice" in readme.txt.

* Added !$array['enable'] to loop() function
* rawurldecode() no longer enabled by default
* Added "Strict Mode" to enable rawurldecode()
* Added missing validation for limit_request
* Updated Contextual Help tab information
* Added "acapbot" and "semalt" to UA patterns
* Added "morfeus" and "snoopy" to UA patterns
* Added "__hdhdhd.php" to URI patterns
* update heading hierarchy on settings page
* Added settings_errors() to settings page
* Now using admin_notices for alerts
* Admin notices now dismissible
* Added bbq_patterns_admin_notice()
* Added bbq_tools_admin_notice()
* Added bbq_license_admin_notice()
* Added bbq_scan hook (can be used for [logging](https://plugin-planet.com/bbq-pro-log-requests/))
* Added total active pattern counts
* Added bbq_active_count() function
* Changed hook for bbq_reset_defaults to admin_init
* Update heading hierarchy on settings page
* Updated translation template file
* Updated minimum version requirement
* General code cleanup and testing
* Tested with WordPress 4.4 beta

= 1.2 (2015/07/15) =

* Bugfix: Admin Area inaccessible to non-admin-level users

= 1.1 (2015/07/05) =

* Bugfix: disabled patterns not disabled
* Updated contextual help
* New language template

= 1.0 (2015/06/25) =

* Initial release