Security WordPress

Protect WordPress Installation from Malicious URL Requests using BBQ

This plugin is actually a script which protects your installation from Base64 encrypted and excessively long request strings by monitoring all incoming traffic to your website. It is based on 5G ( and 6G ( blacklists, which are carefully constructed directives for your site’s root .htaccess file and works silently in the background. You won’t find any configuration page for the plugin, as it is a plug-n-play functionality based plugin.

Both 5G and 6G blacklists are very helpful and quite efficient in blocking malicious IP addresses, user agents, referrers, bad requests and query strings. By blocking bad requests you can conserve your website’s/CDN account’s bandwidth and server resources.

Important Notes:

  • The script sometimes blocks legitimate visitors too. If you are experiencing problems accessing your website or your visitors are reporting problems, then maybe you are required to remove/edit some directives in your .htaccess file after researching the issue properly.
  • The blacklist requires these modules and directives to work properly on your server: mod_alias (RedirectMatch), mod_rewrite (RewriteCond/RewriteRule), mod_setenvif (SetEnvIfNoCase User-Agent) and “Order Allow,Deny”.

The plugin may conflict with some existing security plugins of your installation or with external services or your theme’s framework. If you are experiencing problems just after installing the plugin, then you may want to head over to BBQ’s Official Plugin Support Forum using this link: