=== BBQ Pro ===

Plugin Name: BBQ Pro
Plugin URI: https://plugin-planet.com/bbq-pro/
Description: The fastest firewall plugin for WordPress. Advanced protection against a wide range of threats.
Tags: firewall, secure, security, malware, web application firewall, waf
Author: Jeff Starr
Contributors: specialk
Author URI: https://plugin-planet.com/
Donate link: https://monzillamedia.com/donate.html
Requires at least: 4.1
Tested up to: 5.8
Stable tag: 3.1
Version: 3.1
Requires PHP: 5.6.20
Text Domain: bbq-pro
Domain Path: /languages
License: BBQ Pro is comprised of two parts (see "License" section below for details)

The lightest, fastest firewall plugin for WordPress. Advanced protection against a wide range of threats.

== Description ==

> Install, activate, and done!
> Powerful protection from WP's __fastest__ firewall plugin.

[BBQ Pro](https://plugin-planet.com/bbq-pro/) helps keep your WordPress site safe and secure by blocking attacks and bad requests. This helps to conserve precious server resources like memory and bandwidth.

BBQ Pro is built to be extensible, flexible, and blazing fast. It checks all incoming traffic and quietly blocks any URI requests that contain nasty stuff like `eval(`, `base64(`, `exec(`, and other malicious patterns.

BBQ Pro is fully customizable, giving you control over every pattern and rule. You can edit, remove, add, and/or test BBQ patterns via easy-to-use settings screens.

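The kind of pattern check described above, as an added PHP sketch that is not BBQ Pro's own code: a request's IP is tested against a CIDR whitelist, then its request URI, query string, and user agent are searched for substring patterns, with an optional `rawurldecode()` pass like the one the changelog's "Strict Mode" entry names. The function names, request array layout, and sample requests are assumptions made for this example; the patterns are ones quoted on this page.

```php
<?php
// Added illustration for this readme; not BBQ Pro source code (PHP 7.1+, 64-bit).
// Function names, the request array layout, and all sample data are hypothetical.

// Substring patterns quoted in this readme's description and changelog.
const EXAMPLE_PATTERNS = [
    'request_uri'  => ['eval(', 'base64(', 'exec(', '/shell.php', '.bak'],
    'query_string' => ['phpinfo(', 'shell_exec(', 'union(', 'sleep(', 'benchmark('],
    'user_agent'   => ['md5sum', 'sitesucker', 'seekerspider'],
];

// True when an IPv4 address falls inside a CIDR block such as 192.0.2.0/24.
function example_ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed input never whitelists anything
    }
    $mask = (int) $bits === 0 ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Returns [action, field-or-reason, pattern-or-CIDR] for one request.
function example_check_request(array $request, array $whitelist, bool $strict = false): array
{
    foreach ($whitelist as $cidr) {
        if (example_ip_in_cidr($request['ip'] ?? '', $cidr)) {
            return ['allow', 'whitelisted', $cidr];
        }
    }
    foreach (EXAMPLE_PATTERNS as $field => $needles) {
        $value = (string) ($request[$field] ?? '');
        if ($strict) {
            $value = rawurldecode($value); // decode before matching (the "Strict Mode" idea)
        }
        foreach ($needles as $needle) {
            if (stripos($value, $needle) !== false) {
                return ['block', $field, $needle];
            }
        }
    }
    return ['allow', 'no match', '-'];
}

// Constructed sample requests (not real traffic); IPs are documentation ranges.
$ua = 'Mozilla/5.0';
$samples = [
    ['ip' => '203.0.113.9', 'request_uri' => '/index.php', 'query_string' => 'p=42', 'user_agent' => $ua],
    ['ip' => '203.0.113.9', 'request_uri' => '/index.php', 'query_string' => 'x=phpinfo()', 'user_agent' => $ua],
    ['ip' => '203.0.113.9', 'request_uri' => '/index.php', 'query_string' => 'x=phpinfo%28%29', 'user_agent' => $ua],
    ['ip' => '203.0.113.9', 'request_uri' => '/old/site.bak', 'query_string' => '', 'user_agent' => 'SiteSucker/3.0'],
    ['ip' => '192.0.2.77', 'request_uri' => '/index.php', 'query_string' => 'x=phpinfo()', 'user_agent' => $ua],
];
$whitelist = ['192.0.2.0/24'];

foreach ([false, true] as $strict) {
    foreach ($samples as $i => $request) {
        [$action, $where, $what] = example_check_request($request, $whitelist, $strict);
        printf("strict=%-3s request %d: %s (%s %s)\n", $strict ? 'on' : 'off', $i, $action, $where, $what);
    }
}
```

Comparing the two passes shows which sample depends on decoding and which one is skipped by the whitelist, the two settings worth reviewing first when tuning a rule set of this kind.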
> Adds a strong firewall to ANY WordPress site
> Works with all WordPress plugins and themes

### Powerful Protection ###

BBQ Pro protects your site against many threats:

* SQL injection attacks
* Executable file uploads
* Directory traversal attacks
* Unsafe character requests
* Excessively long requests
* PHP remote/file execution
* XSS, XXE, and related attacks
* Protects against bad bots
* Protects against bad referrers
* Protects against [user-ID phishing](https://plugin-planet.com/bbq-pro-block-user-id-phishing/)
* Plus many other bad requests

> Works great with [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-bad-bots/) and [Blackhole Pro](https://plugin-planet.com/blackhole-pro/)

### Awesome Features ###

* Rated [5 stars](https://wordpress.org/plugins/block-bad-queries/#reviews) at WordPress.org
* 100% plug-&-play, zero configuration
* 100% focused on security and performance
* Blocks a wide range of malicious URL requests
* Fastest Web Application Firewall (WAF) for WordPress
* Based on the [6G](https://perishablepress.com/6g/)/[7G Firewall](https://perishablepress.com/7g-firewall/)
* Scans all incoming traffic and blocks bad requests
* Scans all types of requests: GET, POST, PUT, DELETE, etc.
* Protects against known bad bots and referrers
* Works silently behind the scenes to protect your site
* Hassle-free security plugin that's easy to use
* Thoroughly tested, error-free performance
* Extremely low rate of false positives
* Compatible with other security plugins
* Regularly updated and "future proof"
* Lightweight, fast and flexible

> BBQ = Block Bad Queries

### Pro Features ###

* Advanced protection against malicious requests
* Advanced configuration via easy-to-use settings screen
* Customize BBQ patterns to suit your security strategy
* Tracks the number of times each BBQ pattern blocks a request
* Includes tools to reset options, patterns, and statistics
* Option to display a custom message for all blocked requests
* Option to specify a redirect URL for blocked requests
* Option to disable firewall for logged-in users
* Option to whitelist IP addresses and User Agents
* Set your own Status Code for blocked requests
* Built-in "test" buttons to test each BBQ pattern
* Add your own custom patterns to protect against threats
* Scans the Request URI, Query String, User Agent, IP Address, and Referrer

BBQ Pro is the premium version of the free [BBQ Firewall](https://wordpress.org/plugins/block-bad-queries/).

[Learn more about BBQ Pro »](https://plugin-planet.com/bbq-pro/)

### Privacy ###

This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.

== Screenshots ==

[Screenshots available at Plugin Planet](https://plugin-planet.com/bbq-pro/#screenshots)

== Installation ==

### Installing BBQ Pro ###

1. Download a zipped copy of BBQ Pro from Plugin Planet
2. Unzip and upload the `/bbq-pro/` folder to `/wp-content/plugins/`
3. Visit the WordPress Plugins screen to activate BBQ Pro
4. Visit BBQ Pro License to activate the license
5. Visit BBQ Pro Settings to configure options

Step 5 is optional; by default BBQ Pro works just like the free version of BBQ, silently protecting your site with no configuration required. To customize the plugin, visit the BBQ Settings and BBQ Patterns.

__Note:__ BBQ includes complete inline documentation; click the "Help" tab in the upper-right corner of any BBQ settings screen for more information.

[Get started using BBQ Pro](https://plugin-planet.com/bbq-pro-quick-start/)

[More info on installing WP plugins](https://wordpress.org/support/article/managing-plugins/#installing-plugins)

### Upgrades ###

Your purchase of USP Pro includes free lifetime upgrades, which include new features, bug fixes, and other improvements. When an upgrade is available, WordPress will notify you in the Admin Area. When you see that there is an update available, just click "Update" and WordPress will perform the upgrade automatically.

Note that you can [download the latest version of USP Pro at Plugin Planet](https://plugin-planet.com/download-purchased-plugin/) anytime at your convenience.

### New BBQ Patterns ###

When new patterns are available, they can be enabled via "Reset Patterns" under the Tools menu.

### Uninstall/Reset ###

At any time you may visit the "Tools" screen to reset default settings, patterns, and statistics. Also, uninstalling the plugin from the WP Plugins screen results in the removal of all settings and data from the WP database.

### Like the plugin? ###

If you like BBQ Pro, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!

== Upgrade Notice ==

This plugin has been tested and is 100% current with the latest version of WordPress.

== Usage ==

* Install, activate, and done -- no configuration required for basic BBQ protection
* To configure plugin settings, visit BBQ's "Settings" screen
* To customize the patterns used to block bad requests, visit BBQ's "Patterns" screen
* To reset settings, patterns, and statistics, visit BBQ's "Tools" screen
* To enter your license and enable the plugin, visit BBQ's "License" screen

__Note:__ BBQ includes complete inline documentation; click the "Help" tab in the upper-right corner of any BBQ settings screen for more information.

== Resources ==

Some useful resources for BBQ Pro:

= Getting started =

* [BBQ Pro Homepage](https://plugin-planet.com/bbq-pro/)
* [BBQ Pro Quick Start Guide](https://plugin-planet.com/bbq-pro-quick-start/)
* [BBQ Pro readme.txt](https://plugin-planet.com/wp/files/bbq-pro/readme.txt)
* [BBQ Pro Settings](https://plugin-planet.com/bbq-pro-settings/)
* [BBQ Pro FAQs](https://plugin-planet.com/bbq-pro-faqs/)

= License Information =

* [Guide: Install Plugin](https://plugin-planet.com/install-plugin/)
* [Guide: Get plugin license key](https://plugin-planet.com/get-license-key/)
* [Guide: Activate Plugin License](https://plugin-planet.com/activate-deactivate-plugin-license/)
* [More info on installing WP plugins](https://codex.wordpress.org/Managing_Plugins#Installing_Plugins)

= Further resources =

* [BBQ Pro Docs](https://plugin-planet.com/docs/bbq/)
* [BBQ Pro Forum](https://plugin-planet.com/forum/bbq/)
* [BBQ Pro Tutorials](https://plugin-planet.com/category/tuts+bbq-pro/)
* [BBQ Pro News](https://plugin-planet.com/category/news+bbq-pro/)

= Feedback and downloads =

* [Bug reports, help requests, and feedback](https://plugin-planet.com/bbq-pro/#contact)
* [Log in to your account for current downloads](https://plugin-planet.com/wp/wp-login.php)

= Screenshots and more =

* [Learn more about BBQ Pro](https://plugin-planet.com/bbq-pro/)
* [Screenshots and more available](https://plugin-planet.com/bbq-pro/#screenshots)

Need help? Reach us anytime via our [contact form](https://plugin-planet.com/bbq-pro/#contact).

== Frequently Asked Questions ==

Check out the [BBQ Pro FAQs](https://plugin-planet.com/bbq-pro-faqs/) at Plugin Planet.

### Questions? Feedback? Bugs? ###

There are two channels for getting help:

* [Ask a question in the BBQ Pro Forum](https://plugin-planet.com/forum/bbq/) ([login required](https://plugin-planet.com/wp/wp-login.php))
* [Send an email via the contact form](https://plugin-planet.com/bbq-pro/#contact)

The contact form is best for direct support, bug reports, and feedback.

== License ==

The BBQ Pro license comprises two parts:

* __Part 1:__ Its PHP code is licensed under the GPL (v3 or later), like WordPress. [More info](https://www.gnu.org/licenses/).
* __Part 2:__ Everything else (e.g., CSS, HTML, JavaScript, images, design) is licensed according to the purchased license. [More info](https://plugin-planet.com/bbq-pro/).

Without prior written consent from Monzilla Media, you must NOT directly or indirectly: license, sub-license, sell, resell, or provide for free any aspect or component of Part 2.

Further license information is available in the plugin directory, `/license/`, and [online](https://plugin-planet.com/wp/files/bbq-pro/license.txt).

__Upgrades:__ Your purchase of BBQ Pro includes free lifetime upgrades, which include new features, bug fixes, and other improvements.

Copyright 2021 Monzilla Media. All rights reserved.

== Check out my other plugins ==

Free WordPress plugins:

* [Banhammer](https://wordpress.org/plugins/banhammer/)
* [Host Header Injection Fix](https://wordpress.org/plugins/host-header-injection-fix/)
* [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-bad-bots/)
* [BBQ Firewall](https://wordpress.org/plugins/block-bad-queries/)
* [Contact Coldform](https://wordpress.org/plugins/contact-coldform/)
* [Dashboard Widgets Suite](https://wordpress.org/plugins/dashboard-widgets-suite/)
* [GA Google Analytics](https://wordpress.org/plugins/ga-google-analytics/)
* [Head Meta Data](https://wordpress.org/plugins/head-meta-data/)
* [Show Support Ribbon](https://wordpress.org/plugins/show-support-ribbon/)
* [Simple Ajax Chat](https://wordpress.org/plugins/simple-ajax-chat/)
* [Simple Basic Contact Form](https://wordpress.org/plugins/simple-basic-contact-form/)
* [Simple Blog Stats](https://wordpress.org/plugins/simple-blog-stats/)
* [Simple Custom Content](https://wordpress.org/plugins/simple-custom-content/)
* [Simple Feed Stats](https://wordpress.org/plugins/simple-feed-stats/)
* [User Submitted Posts](https://wordpress.org/plugins/user-submitted-posts/)
* [Theme Switcha](https://wordpress.org/plugins/theme-switcha/)
* [Prismatic](https://wordpress.org/plugins/prismatic/)

Premium WordPress plugins:

* [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) - Monitor traffic and ban bad users and bots
* [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Fastest firewall plugin for WordPress
* [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Block bad bots in a virtual black hole
* [GA Pro](https://plugin-planet.com/ga-google-analytics-pro/) - Connect WordPress to Google Analytics
* [SES Pro](https://plugin-planet.com/ses-pro/) - Ajax-powered email signup forms
* [USP Pro](https://plugin-planet.com/usp-pro/) - Advanced front-end forms

More awesome plugins on the way :)

== Changelog ==

If you like BBQ Pro, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!

= 3.1 (2021/07/20) =

* Adds feature to import custom patterns
* Adds option to block empty user agents
* Adds formatting of firewall stats numbers
* Appends plugin version to asset links
* Improves CSS for firewall settings
* Updates contextual Help tab infos
* Regenerates translation template
* Tests on WordPress 5.8

= 3.0 (2021/02/15) =

* Improves performance of IP functionality
* Improves readme.txt/documentation
* Tests on WordPress 5.7

= 2.9 (2020/11/22) =

* Integrates 7G patterns to firewall rules
* Refines/streamlines existing firewall rules
* Updates script to account for changes in jQuery UI
* Updates default translation template
* Updates license updater script
* Updates/refines readme.txt
* Tests on PHP 7.4 and 8.0
* Tests on WordPress 5.6

= 2.8.1 (2020/08/29) =

* Fixes error due to recent update
* Tests on WordPress 5.5

= 2.8 (2020/08/20) =

* Adds exclude pattern option for email alerts
* Adds admin email as default value for alerts
* Improves loading of inline JavaScript variables
* Adds new allowed tags to "Custom Message" setting
* Removes Securi and WP Rocket IPs from default whitelist
* Updates default translation template
* Updates contextual Help tab information
* Refines plugin setting page styles
* Updates license updater script
* Refines readme/documentation
* Tests on WordPress 5.5

= 2.7 (2020/03/27) =

* Adds new default firewall patterns
* Tests on WordPress 5.4

= 2.6 (2019/11/19) =

* Updates styles for plugin settings page
* Generates new default translation template
* Tests on WordPress 5.3

= 2.5 (2019/09/07) =

* Adds option to send email alerts for blocked requests
* Tests with updated [BBQ Logging Plugin](https://plugin-planet.com/bbq-pro-log-requests/)
* Adds filter hook `bbq_send_alerts_site`
* Adds filter hook `bbq_send_alerts_subject`
* Adds `%c` pattern to display the blocked count
* Updates contextual Help information
* Updates some links to https
* Updates information on plugin page
* Generates new default translation template
* Tests on WordPress 5.3 (alpha)

= 2.4 (2019/05/02) =

* Refines BBQ License screen UI
* Fixes bug when activating pro when free version is active
* Bumps [minimum PHP version](https://codex.wordpress.org/Template:Server_requirements) to 5.6.20
* Updates default translation template
* Tests on WordPress 5.2

= 2.3 (2019/03/21) =

* Adds function `plugin_links()`
* Improves function `check_bbq()`
* Improves function `bbq_action_links()`
* Improves display of plugin License screen
* Improves functionality for one-click plugin updates
* Replaces `hurl.it` with [askapache.com](https://www.askapache.com/online-tools/http-headers-tool/) in Help tab
* Adds check for admin user for settings shortcut link
* Refines plugin settings screen UI
* Generates new default translation template
* Tests on WordPress 5.1 and 5.2 (alpha)

= 2.2 (2018/11/18) =

* Updates default translation template
* Tests on WordPress 5.0 (beta)

= 2.1 (2018/08/22) =

* Adds `rel="noopener noreferrer"` to all [blank-target links](https://perishablepress.com/wordpress-blank-target-vulnerability/)
* Updates GDPR blurb and donate link
* Regenerates default translation template
* Further tests on WP 4.9 and 5.0 (alpha)

= 2.0 (2018/05/11) =

New patterns available! See "Upgrade Notice" in plugin documentation or readme.txt.

* Adds `rel="noopener noreferrer"` to blank targets
* Updates default set of whitelisted IP addresses
* Updates info in plugin Help tabs on settings page
* Disables error logging of invalid IP addresses
* Renames the "Patterns" menu to "Firewall"
* Replaces `requestmaker.com` with `hurl.it`
* Adds `indoxploi` to query string and request URI patterns
* Adds `xrumer` to query string and request URI patterns
* Generates new translation template
* Updates plugin image files
* Tests on WordPress 5.0 (alpha)

= 1.9 (2017/11/10) =

* Changes `/.tar` to `.tar` in Request patterns
* Changes `/.bash` to `.bash` in Request patterns
* Adds new Basic User Agent Patterns: `shellshock`, `md5sum`, `/bin/bash`
* Adds new Advanced Request Patterns: `@@`, `@eval`, `/file:`, `/php:`, `.cmd`, `.bat`, `.htacc`, `.htpas`, `.pass`, `usr/bin/perl`, `var/lib/php`
* Adds new Advanced Query String Patterns: `/config.`, `/wwwroot`, `/makefile`, `$_session`, `$_request`, `$_env`, `$_server`, `$_post`, `$_get`, `@@`, `(0x`, `0x3c62723e`, `;!--=`
* Adds new Basic Query String Patterns: `@eval`, `base64_`, `phpinfo(`, `shell_exec(`, `benchmark(`, `sleep(`, `union(`, `)select`, `file_get_contents`, `allow_url_include`, `disable_functions`, `auto_prepend_file`, `open_basedir`
* New addon: Reset Patterns (mu-plugin)
* Adds filter hook: `bbq_i18n_locale`
* Improves `load_i18n()` for better translation loading
* Updates `EDD_SL_Plugin_Updater` to [version 1.6.13](https://bit.ly/2yqX3yu)
* Regenerates default translation template
* Tests on WordPress 4.9

= 1.8.1 (2017/08/13) =

* Improves test-URL functionality
* Removes some redundant patterns: `.exec(`, `.aspx`, `);$(this).html(`, `/playing.php`, `/pingserver.php`
* Tests on WordPress 4.9 (alpha)

= 1.8 (2017/07/30) =

* Adds support for CIDR notation for whitelist IPs
* New installs automatically add server IP address to whitelist setting
* Updates Help tab on plugin settings page
* Replaces jQuery `.live()` with `.on()`
* Tests on WordPress 4.9 (alpha)

= 1.7 (2017/03/28) =

* Tweaks CSS on BBQ settings page
* Adds new filter hook `bbq_ip_keys`
* Changes link/URL on BBQ License page
* Updates the licensing updater script
* Adds some missing translation strings
* Adds French translation (thanks to Bouzin)
* Enables wildcard matching for whitelisted IPs
* Replaces global `$wp_version` with `get_bloginfo('version')`
* Generates new default translation template
* Tests on WordPress version 4.8

= 1.6 (2016/11/21) =

* Replaced `esc_url` with `esc_url_raw` in `bbq()`
* Added missing default setting for `whitelist_ips`
* Added `/bin/bash` to Advanced Request URIs
* Removed default styles for abbr on plugin page
* Changed stable tag from trunk to latest version
* Tested on WordPress version 4.7 (beta)

= 1.5 (2016/08/16) =

New patterns available! See "Upgrade Notice" in readme.txt.

* Improved IP-detection protocols for better accuracy
* Added setting to optionally whitelist any IP addresses
* Added new filter hook, `bbq_ip_filter`
* Updates [WP Admin Notices](https://digwp.com/2016/05/wordpress-admin-notices/)
* Replaced `_e()` with `esc_html_e()` or `esc_attr_e()`
* Replaced `__()` with `esc_html__()` or `esc_attr__()`
* Improved translation support
* Renamed `/lang/` to `/languages/`
* Generated new translation template
* Changed text-domain from "bbq" to "bbq-pro"
* Replaced BBQ Pro icon with hi-rez/retina version
* Added ".aspx" to Basic patterns
* Replaced "proc/self/environ" with "self/environ" in Basic patterns
* Removed "docomo" from Advanced UA patterns
* Added "seekerspider" to Advanced UA patterns
* Replaced "muieblackcat" with "muieblack" in Advanced patterns
* Added "/shell.php", "benchmark(", "sleep(", "&pws=0", ".bak" to Advanced patterns
* Tested on WordPress 4.6

= 1.4 (2016/03/28) =

New patterns available! See "Upgrade Notice" in readme.txt.

* Added "sitesucker" to Basic UA patterns
* Added "base64(" to Basic Request URI and Query String patterns
* Renamed bbq_core to bbq__core to avoid conflict with free version
* Improved system checks for required WP version and free version
* Added (array) to $bbq_patterns loop in bbq-core.php
* Updated handling of license update status
* Updated License screen interface
* Updated plugin updater class to 1.6.3
* Tested on WordPress 4.5 beta

= 1.3.1 (2015/11/23) =

* Added isset() to check for new strict_mode setting

= 1.3 (2015/11/18) =

New patterns available! See "Upgrade Notice" in readme.txt.

* Added !$array['enable'] to loop() function
* rawurldecode() no longer enabled by default
* Added "Strict Mode" to enable rawurldecode()
* Added missing validation for limit_request
* Updated Contextual Help tab information
* Added "acapbot" and "semalt" to UA patterns
* Added "morfeus" and "snoopy" to UA patterns
* Added "__hdhdhd.php" to URI patterns
* update heading hierarchy on settings page
* Added settings_errors() to settings page
* Now using admin_notices for alerts
* Admin notices now dismissible
* Added bbq_patterns_admin_notice()
* Added bbq_tools_admin_notice()
* Added bbq_license_admin_notice()
* Added bbq_scan hook (can be used for [logging](https://plugin-planet.com/bbq-pro-log-requests/))
* Added total active pattern counts
* Added bbq_active_count() function
* Changed hook for bbq_reset_defaults to admin_init
* Update heading hierarchy on settings page
* Updated translation template file
* Updated minimum version requirement
* General code cleanup and testing
* Tested with WordPress 4.4 beta

= 1.2 (2015/07/15) =

* Bugfix: Admin Area inaccessible to non-admin-level users

= 1.1 (2015/07/05) =

* Bugfix: disabled patterns not disabled
* Updated contextual help
* New language template

= 1.0 (2015/06/25) =

* Initial release