Beschreibung
Install, activate, and done!
Powerful protection from WP’s fastest firewall plugin.
BBQ Firewall is a lightweight, super-fast plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(
, base64_
, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong Apache/.htaccess firewall.
Adds a strong firewall to ANY WordPress site
Works with all WordPress plugins and themes
Powerful Protection
BBQ protects your site against many threats:
- SQL injection attacks
- Executable file uploads
- Directory traversal attacks
- Unsafe character requests
- Excessively long requests
- PHP remote/file execution
- XSS, XXE, and related attacks
- Protects against bad bots
- Protects against bad referrers
- Protects against bad POST content
- Protects against many other bad requests
Works great with Blackhole for Bad Bots
Awesome Features
BBQ provides all the best firewall features:
- Rated 5 stars at WordPress.org
- 100% plug-&-play, zero configuration
- 100% focused on security and performance
- Blocks a wide range of malicious URL requests
- Fastest Web Application Firewall (WAF) for WordPress
- Based on the 6G/7G Firewall
- Scans all incoming traffic and blocks bad requests
- Scans all types of requests: GET, POST, PUT, DELETE, etc.
- Protects against known bad bots and referrers
- Works silently behind the scenes to protect your site
- Hassle-free security plugin that’s easy to use
- Thoroughly tested, error-free performance
- Extremely low rate of false positives
- Compatible with other security plugins
- Regelmäßig aktualisiert und „zukunftssicher“.
- Firewall < 10 kilobytes in size
- Lightweight, fast and flexible
For advanced protection and features, check out BBQ Pro »
BBQ = Block Bad Queries
Datenschutz
Dieses Plugin sammelt oder speichert keine Benutzerdaten. Es setzt keine Cookies und stellt keine Verbindung zu den Standorten Dritter her. Daher beeinträchtigt dieses Plugin in keiner Weise die Privatsphäre der Benutzer.
BBQ Firewall is developed and maintained by Jeff Starr, 15-year WordPress developer and book author.
Support development
Ich entwickle und pflege dieses kostenlose Plugin mit Liebe für die WordPress-Community. Um deine Unterstützung zu zeigen, kannst du eine Spende machen oder eines meiner Bücher kaufen:
- The Tao of WordPress
- Digging into WordPress
- .htaccess made easy
- WordPress Themes In Depth
- Wizard’s SQL Recipes for WordPress
And/or purchase one of my premium WordPress plugins:
- BBQ Pro – Superschnelle WordPress-Firewall
- Blackhole Pro – Schlechte Bots automatisch blockieren
- Banhammer Pro – Den Verkehr überwachen und die Bösewichte bannen.
- GA Google Analytics Pro – Die eigene Website mit Google Analytics verbinden
- Simple Ajax Chat Pro – Unlimited chat rooms
- USP Pro – Unbegrenzte Front-End-Formulare
Links, tweets and likes also appreciated. Thank you! 🙂
Installation
Installing BBQ
- Install, activate, done.
Once active, BBQ automatically protects your site against threats. Quietly, behind the scenes. For more control and stronger protection, check out BBQ Pro »
More info on installing WP plugins
Customizing
- To allow patterns otherwise blocked by BBQ, check out the BBQ whitelist plugin
- To block patterns otherwise allowed by BBQ, check out the BBQ blacklist plugin
- To customize long-request blocking, pattern-match logging, and response headers, check out BBQ customize plugin
- To display the total block count on the plugin settings page, check out BBQ count blocked requests
Note that the Pro version of BBQ makes it possible to customize patterns and everything else directly via the plugin settings, with a click. BBQ Pro also displays the current block count for each firewall rule, like this.
Uninstalling
This plugin cleans up after itself. All plugin settings will be removed from your database when the plugin is uninstalled via the Plugins screen.
Gefällt dir das Plugin?
If you like BBQ, please take a moment to give a 5-star rating. It helps to keep development and support going strong. Thank you!
FAQ
-
How to test that the plugin is working?
-
To test that the plugin is working, you can request any of the blocked patterns. For example, visit your site’s homepage and enter the following URL:
https://example.com/eval(
Replace
example.com
with your site’s actual domain. If BBQ is active, the request for that URL will be blocked (with a „403 Forbidden“ status). This means the plugin is working properly. You can test other patterns as well. To view all the patterns blocked by BBQ, look at the functionbbq_core()
located inblock-bad-queries.php
. -
Bietest du weitere Sicherheits-Plugins an?
-
Yes, three of them:
- BBQ Firewall for super-fast firewall security
- Blackhole for Bad Bots to protect your site against bad bots
- Banhammer to monitor and ban any user or IP address
Pro versions with more features available at Plugin Planet.
-
Do I need to do anything else for BBQ to work?
-
Nein, installiere einfach und entspanne dich in dem Wissen, dass BBQ deine Website vor schlechten URL-Anfragen schützt.
-
Where are the plugin settings?
-
Für BBQ sind keine Einstellungen erforderlich! Alles wird automatisch hinter den Kulissen erledigt. Keine Konfiguration erforderlich. Die kostenlose Version von BBQ ist strikt plug-n-play, set-it-and-forget-it, ohne jegliche Einstellungen, die konfiguriert werden müssen. Einfach installieren, aktivieren und sich über bessere Sicherheit und robusten Schutz vor böswilligen Anfragen freuen. Die Pro-Version von BBQ ist genauso schnell und einfach zu bedienen, aber viel leistungsfähiger und enthält robuste Einstellungen zur Anpassung und Feinabstimmung der eigenen Firewall.
-
Is BBQ free version compatible with Wordfence?
-
Ist es sinnvoll, beide zu benutzen? Ja, BBQ free und BBQ Pro sind beide mit jedem Plugin kompatibel, das gemäß der WP-API geschrieben wurde. Und ja, es ist von Vorteil, BBQ mit jedem anderen Sicherheits-Plugin, einschließlich Wordfence, zu verwenden. Sie schützen vor verschiedenen Bedrohungen, so dass du mit beiden Mitteln besonders sicher bist.
-
Does BBQ make changes to my .htaccess file?
-
Auf keinen Fall. Im Gegensatz zu anderen Sicherheits-/Firewall-Plugins nehmen weder BBQ (kostenlose Version) noch BBQ Pro irgendwelche Änderungen an einer .htaccess-Datei vor.
-
Does BBQ make any changes to my WP database?
-
Nein, die kostenlose Version von BBQ funktioniert, wenn jede Seite geladen wird; sie nimmt keinerlei Änderungen an der WP-Datenbank vor.
-
Does BBQ block malicious strings included in arrays?
-
Ja, BBQ scannt alle Arrays, die in der URI-Anforderung enthalten sind. Wenn übereinstimmende Muster gefunden werden, wird die Anforderung blockiert.
-
Mein PHP-Scanner/Checker-Plugin sagt, dass ein Fehler vorliegt?
-
Wenn zum Beispiel dein PHP-/Plugin-Scanner etwas meldet wie „
0x3c62723e
gefunden, was schlecht ist“. Normalerweise würdest du solche schlechten Codefolgen nicht finden wollen, aber es gibt eine Ausnahme für Sicherheits-Plugins. Denke darüber nach: Um eine böse Zeichenfolge zu blockieren, muss BBQ darüber Bescheid wissen. Jede schlechte Zeichenkette, die von BBQ blockiert wird, wird also in die „Blacklist“ des Plugins aufgenommen. Das bedeutet, wenn ein PHP-Scanner BBQ prüft und einige bekannte schlechte Zeichenketten findet, bedeutet das nur, dass der Scanner die Liste der von BBQ blockierten Begriffe entdeckt hat. Mit anderen Worten: BBQ enthält statische Zeichenfolgen nicht funktionalen Texts, um böswillige Anfragen an deine Website abzugleichen und zu blockieren. Ich hoffe, dass dies Sinn ergibt, zögere nicht, mich zu kontaktieren, wenn ich weitere Informationen geben kann. -
Do I need WordPress to run BBQ?
-
Nein! BBQ ist in den folgenden Geschmacksrichtungen erhältlich:
So kann man sich das eigenständige PHP-Skript für Websites, auf denen WordPress nicht läuft, ansehen.
-
Can I use BBQ and 7G/8G Firewall at the same time?
-
Full question: „Except most of the rules overlapping, is it counter productive (site slowing down for example, potential conflicts, bugs) or is there any risks using 7G/8G Firewall + BBQ at the same time?“
Answer: It’s fine to run both BBQ and 7G/8G Firewall at the same time. Both firewalls are super fast, so they won’t slow things down. In other words the two firewalls play well together. The only downside is that some of the rules will be redundant, but there should be no negative impact on performance. The upside is that you get extra protection when using both, as there are variations in the firewall rules and patterns, etc.
-
My PHP checker found something?
-
If you are using some PHP checker that’s reporting an error or bad string in BBQ, it’s a false positive and safe to ignore. Why? Because the PHP checker is finding the static strings/patterns that BBQ uses to identify and block bad requests. In other words, your PHP checker is finding a static string thinking it is live code. It’s not. If possible, please take a moment to report this to the developers of your PHP checker. They should be happy to improve the accuracy and quality of their plugin. More info.
-
How to enable logging?
-
You can use a free addon to display the total number of blocked requests on the BBQ settings page. Here is a guide that explains how to set it up.
Alternately, BBQ can be configured to log the matching pattern for each blocked request. When match-logging is enabled, BBQ will add a log entry in the site’s default error log. To enable match logging, use the free customize plugin.
Note that the Pro version of BBQ displays the current block count for each firewall rule, like this. All automatic, fiddling with code NOT required 🙂
-
Got a question?
-
Sende Fragen oder Feedback über mein Kontaktformular.
Rezensionen
Mitwirkende & Entwickler
„BBQ Firewall – Fast & Powerful Firewall Security“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:
Mitwirkende„BBQ Firewall – Fast & Powerful Firewall Security“ wurde in 14 Sprachen übersetzt. Danke an die Übersetzerinnen und Übersetzer für ihre Mitwirkung.
Übersetze „BBQ Firewall – Fast & Powerful Firewall Security“ in deine Sprache.
Interessiert an der Entwicklung?
Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.
Änderungsprotokoll
If you like BBQ, please take a moment to give a 5-star rating. It helps to keep development and support going strong. Thank you!
2023/10/26
- Adds
.msi
to Request URI patterns - Adds
etc/hosts
,etc/motd
,etc/shadow
to Request URI patterns - Fixes bug with translation on settings page
- Updates default translation template
- Updates custom banner notice
- Tests on WordPress 6.4 (beta)
2023/07/18
- Improves localization function
- Improves sanitization of variables
- Updates default translation template
- Adds PHP constant,
BBQ_BASE_FILE
- Adds custom notice on settings page
- Adds information about BBQ addons
- Improves plugin documentation
- Tests on WordPress 6.3 (beta)
2023/03/03
- Adds action hook
bbq_response
- Adds filter hook
bbq_count_plugin_path
- Adds button to test firewall active
- Streamlines firewall functionality
- Tweaks styles on plugin settings page
- Appends version number to CSS/JS URLs
- Improves logic when calling
get_current_screen()
- Adds rate and support links to plugin settings page
- Adds
bbq_long_req_length
filter for long-request length - Displays blocked count on settings screen (when enabled)
- Updates whitelist/blacklist addons
- Updates customize addon
- Adds plugin screenshots on settings page
- Generates new translation template
- Tests on WordPress 6.1 + 6.2 (beta)
- Tests on PHP 8.1 and 8.2
2022/10/02
- Adds custom footer text to plugin settings
- Improves plugin documentation
- Updates translation template
- Tests on WordPress 6.1
2022/05/17
- Removes
.inc
from firewall patterns - Tests on WordPress 6.0
2022/01/22
- Disables POST data scanning by default
- Tests on WordPress 5.9
2022/01/18
- Refactors for improved performance
- Improves checking of POST requests
- Adds filter hook
post_items
- Adds filter hook
bbq_post_scanning
- Adds
/.env
to Request URI patterns - Adds
c99.php
to Request URI patterns - Updates blacklist and customize addons
- Improves loading of translations
- Updates some links to external resources
- Changes minimum required WP version to 4.6
- Tests on WordPress 5.9
2021/07/19
- Removes
ambien
from referrer patterns - Tests on WordPress 5.8
2021/02/11
- Removes
zune
pattern from user agents - Removes
ninja
pattern from user agents - Tests on WordPress 5.7
2020/12/09
- Tweaks query string pattern for optimal matching
- Further tests on WordPress 5.6
2020/12/08
- Removes
order
pattern from Query String rules - Removes
ahrefs
pattern from User Agent rules
2020/11/23
- Removes
python
from the User Agent rules - Adds filter for URI long-request blocking
- Adds filter for enabling logging of blocked requests
- Releases customize plugin to change default functionality
- Further tests on WordPress 5.6
2020/11/16
- Improves XSS protection
- Improves logic of
bbq_core()
- Integrates 7G patterns to firewall rules
- Removes some redundant firewall patterns
- Adds protection against excessive characters
- Adds logging functionality (disabled by default)
- Adds filter hooks to customize blocked response
- Replaces
guangxiymcd
withwww\.(.*)\.cn
- Changes plugin name to „BBQ Firewall“
- Updates default translation template
- Updates/refines readme.txt
- Tests on PHP 7.4 and 8.0
- Tests on WordPress 5.6
2020/08/11
- Replaces
guangxiymcd
with wildcard matchwww.(.*).cn
- Refines readme/documentation
- Tests on WordPress 5.5
2020/07/06
- Adds
guangxiymcd
to Request URI and Query String patterns - Tests on WordPress 5.4 + 5.5 (alpha)
2020/03/19
- Tests on WordPress 5.4
2019/11/09
- Changes to
plugins_url()
forBBQ_URL
constant - Tests on WordPress 5.3
2019/09/02
- Updates some links to https
- Tests on WordPress 5.3 (alpha)
2019/05/01
- Bumps minimum PHP version to 5.6.20
- Adds activation check if BBQ Pro is active
- Updates default translation template
- Tests on WordPress 5.2
2019/03/11
- Improves function
bbq_action_links()
- Refines plugin settings screen UI
- Generates new default translation template
- Tests on WordPress 5.1 and 5.2 (alpha)
2019/02/20
- Tests on WordPress 5.1
2018/11/17
- Adds homepage link to Plugins screen
- Updates default translation template
- Tests on WordPress 5.0
21.08.2018
- Removes
.tar
from Request URI patterns - Adds
rel="noopener noreferrer"
to all blank-target links - Updates GDPR blurb and donate link
- Regenerates default translation template
- Weitere Tests für WP 4.9 und 5.0 (alpha)
2018/05/11
- Adds
xrumer
to blocked query strings and request URIs - Adds
indoxploi
to blocked query strings and request URIs - Generates new translation template
- Tests on WordPress 5.0
2017/11/01
- Updates readme.txt 🙂
- Tests on WordPress 4.9
2017/10/19
- Changes
\/\.tar
to\.tar
in Request patterns - Changes
\/\.bash
to\.bash
in Request patterns - Adds new User Agent patterns:
shellshock
,md5sum
,\/bin\/bash
- Adds new Request patterns:
@@
,@eval
,\/file\:
,\/php\:
,\.cmd
,\.bat
,\.htacc
,\.htpas
,\.pass
,usr\/bin\/perl
,var\/lib\/php
,wp-config\.php
- Adds new Query String patterns:
@@
,\(0x
,0x3c62723e
,\(\)\}
,\:\;\}\;
,\;\!--\=
,@eval
,eval\(
,base64_
,UNION(.*)SELECT
,\/config\.
,\/wwwroot
,\/makefile
,\$_session
,\$_request
,\$_env
,\$_server
,\$_post
,\$_get
,phpinfo\(
,shell_exec\(
,file_get_contents
,allow_url_include
,disable_functions
,auto_prepend_file
,open_basedir
,(benchmark|sleep)(\s|%20)*\(
- Tests on WordPress 4.9
30.07.2017
- Name des Menüpunkts in „BBQ Firewall“ geändert
- Tests unter WordPress 4.9 (alpha)
22.02.2017
- Adds plugin settings page
- Adds French translation (thanks to Bouzin)
- Generates new default translation template
- Tests on WordPress version 4.8
14.11.2016
- Replaces
esc_html
withesc_attr
for link title attributes - Changes stable tag from trunk to latest version
- Adds
»
to rate this plugin link - Updates URL for rate this plugin link
- Moves „Go Pro“ link to action links
- Renames action/meta link functions
- Updates default translation template
- Tests on WordPress version 4.7 (beta)
10.08.2016
- Added translation support
- Added plugin icons and larger banner
- General fine-tuning and testing
- Tested on WordPress 4.6
28.03.2016
- Removed
\:\/\/
from Request URI and Query String patterns (see this thread) - Added
(benchmark|sleep)(\s|%20)*\(
to Request URI patterns (thanks to smitka) - Tested on WordPress 3.5 beta
07.11.2015
- Added
\.php\([0-9]+\)
,__hdhdhd.php
to URI patterns (Thanks to George Lerner) - Added
acapbot
,semalt
to User Agent patterns (Thanks to George Lerner) - Replaced
UNION.*SELECT
withUNION(.*)SELECT
in Request URI patterns - Added
morfeus
,snoopy
to User Agent patterns - Refactored redirect/exit functionality
- Renamed
rate_bbq()
tobbq_links()
- Tested with WordPress 4.4 beta
08.08.2015
- Tested on WordPress 4.3
- Updated minimum version requirement
- Highlighted Pro link on Plugins screen
24.06.2015
- Replaced
UNION\+SELECT
withUNION.*SELECT
- Added
wp-config.php
to query-string patterns - Added plugin link to BBQ Pro
- Testing on WP 4.3 (alpha)
07.05.2015
- Tested with WP 4.2 and 4.3 (alpha)
- Replaced some
http
withhttps
in readme.txt
14.03.2015
- introduce
bbq_core()
- tested on latest WP
- tightened up code
22.09.2014
- tested on latest version of WordPress (4.0)
- retested on Multisite
- increased minimum version requirement to WP 3.7
05.03.2014
- Bugfix: added conditional checks for empty variables
23.01.2014
- tested on latest version of WordPress (3.8)
- added link to rate plugin
03.11.2013
- removed
?>
from script - added optional line for blocking long URLs
- added line to prevent direct access to BBQ script
- added
\;Nt\.
,\=Nt\.
,\,Nt\.
to request URI items - tested on latest version of WordPress (3.7)
07.07.2013
- replaced
Nt\.
with\/Nt\.
(resolves comment editing/approval issue)
05.07.2013
- removed
https\:
(from previous version) - replaced
\/https\/
with\/https\:
- replaced
\/http\/
with\/http\:
- replaced
\/ftp\/
with\/ftp\:
04.07.2013
- removed block for
jakarta
in user-agents - removed
union
from query strings - added to request-URI:
\%2Flocalhost
,Nt\.
,https\:
,\.exec\(
,\)\.html\(
,\{x\.html\(
,\(function\(
- resolved PHP Notice „Undefined Index“ via
isset()
03.01.2013
- removed block for
CONCAT
in request-URI - removed block for
environ
in query-string - removed block for
%3C
and%3E
in query-string - removed block for
%22
and%27
in query-string - removed block for
[
and]
in query-string (to allow unsafe characters used in WordPress) - removed block for
?
in query-string (to allow unsafe character used in WordPress) - removed block for
:
in query-string (to allow unsafe character used by Google) - removed block for
libwww
in user-agents (to allow access to Lynx browser)
08.11.2012
- Removed
:
match from query string (Google disregards encoding) Scanner
-Abfrage entfernt- Quellcode für eine bessere Performance optimiert (Danke an juliobox)
Ältere Versionen
- 27.10.2012 – Prüfung für lange Zeichenfolgen deaktiviert; Prüfung auf Scanner deaktiviert
- 26.10.2012 – Plugin mithilfe der 5G/6G-Technologie neu erstellt
- 21.02.2001 – Readme.txt-Datei aktualisiert
- 30.12.2009 – Prüfung für Admin-Benutzer hinzugefügt
- 30.12.2009 – Zusätzliche Abfrage-Zeichenfolgen hinzugefügt.