BBQ Firewall is a lightweight, super-fast plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like
base64_, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong Apache/.htaccess firewall.
BBQ is the lightest, fastest firewall plugin for WordPress.
Welcome to BBQ
BBQ adds a powerful firewall to your WordPress site. That’s it. No bells. No whistles. No bloat. Just a lean, mean bad-request blocking machine.
To use BBQ on any WordPress-powered site, install and activate the plugin via the WP Admin Area. Then sit back and enjoy the automatic, behind-the-scenes protection and a more secure website. No configuration required, just activate and done. BBQ is 100% plug-&-play, lightweight super fast, super strong WAF firewall.
BBQ adds powerful firewall protection with a few clicks.
Verify BBQ is working
Once BBQ is installed and active, you can verify that it’s working by requesting any of the following URLs (replace
example.com with your own domain name).
These are just examples of the type of garbage that’s blocked by BBQ. If your server returns a 403 “Forbidden” response for these examples, BBQ is working properly. Silently protecting your site behind the scenes.
Note that additional tests are possible using the patterns contained in the firewall rules, located in the main plugin file,
How BBQ works
BBQ basically is an adaptation of my Apache/.htaccess G-series firewalls ported to PHP/WordPress. The plugin works by defining a set of regular expressions to match and block malicious URL requests. The BBQ firewall rules have been refined and battle tested for years, with false positive rates near zero. It’s a simple, effective, lightweight solution that’s easy on server resources.
BBQ scans the following parts of each request:
- The Request URI
- The Query String
- The User Agent
Also for each request, BBQ checks all available request methods, GET, POST, PUT, DELETE, etc. Checking these variables against a strategically crafted set of known attack patterns is an effective way to protect your site against a wide range of threats.
If BBQ detects foul play in any part of the request, it is blocked immediately via 403 “Forbidden” response.
Check the following articles for more information on the underlying functionality:
Download BBQ Firewall
Download BBQ from the WordPress Plugin Directory:
Need help? Contact anytime via my contact form.