WP Ghost with BBQ Firewall – Firewall Overlap and Configuration Options
October 20, 2021
This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.
WP Ghost (formerly Hide My WP Ghost) and BBQ Firewall are compatible with significant firewall overlap. Both use similar nG-series firewall rules to block SQL injection, XSS, and malicious requests. WP Ghost already includes 7G and 8G firewall rules, which cover the same attack patterns BBQ blocks. If you use WP Ghost’s firewall, BBQ is redundant. If you prefer BBQ’s approach, disable WP Ghost’s firewall and use BBQ for request filtering while WP Ghost handles path security.
The Firewall Overlap
BBQ Firewall is a lightweight plugin that blocks malicious requests by checking for dangerous patterns like eval(), base64_, excessively long request strings, and SQL injection attempts. WP Ghost’s built-in 7G and 8G Firewall blocks the same types of patterns. Both are based on the nG-series firewall rules. Running both means double-checking every request against similar rule sets, which adds processing without adding security. Choose one for request filtering.
What to Activate in Each Plugin
Option A: Use WP Ghost for everything (recommended)
WP Ghost’s 7G/8G firewall covers what BBQ does, plus WP Ghost provides path security, brute force protection, 2FA, security headers, text mapping, and more. You can deactivate BBQ and use WP Ghost alone.
Option B: Use BBQ for firewall, WP Ghost for everything else
If you prefer BBQ’s firewall (lighter weight, fewer settings), disable WP Ghost’s 7G/8G Firewall at WP Ghost > Firewall > Firewall and let BBQ handle request filtering. Use WP Ghost for all path changes, security headers, brute force protection, 2FA, and mapping features.
Feature Comparison
| Feature Category | WP Ghost | BBQ Firewall |
|---|---|---|
| Path Security (wp-admin, login, plugins, themes, uploads, REST API) | Yes | – |
| 7G / 8G Firewall (nG-series request filtering) | Yes | Yes |
| SQL Injection Protection | Yes | Yes |
| Security Headers (HSTS, CSP, X-Frame-Options) | Yes | – |
| Two-Factor Authentication (Code, Email, Passkeys) | Yes | – |
| Brute Force Protection & reCAPTCHA | Yes | – |
| IP Blacklist / Whitelist | Yes | – |
| Country Blocking | Yes | – |
| Text, URL, and CDN Mapping | Yes | – |
| Activity Log & Email Alerts | Yes | – |
| Zero Configuration Required | – | Yes |
Frequently Asked Questions
Can I run both plugins at the same time?
Yes, they will not break anything. But running both firewalls means every request is checked twice against similar rules, adding processing without extra security. Disable one firewall for efficiency.
Do I need BBQ if I use WP Ghost’s 7G/8G firewall?
No. WP Ghost’s 7G/8G firewall covers the same attack patterns (SQL injection, XSS, eval(), base64, long strings). BBQ is redundant if WP Ghost’s firewall is active. BBQ’s advantage is its simplicity — zero configuration, activate and forget.
Is BBQ lighter than WP Ghost’s firewall?
BBQ is a single-purpose firewall with very low overhead. WP Ghost’s firewall is one component of a larger security suite. If you only need request filtering and nothing else, BBQ is lighter. But most sites need path security, brute force protection, and headers too — WP Ghost provides all of these in one plugin.
Does WP Ghost modify WordPress core files?
No. WP Ghost uses rewrite rules and WordPress hooks. No core files modified. Deactivating restores all defaults.
Related Tutorials
Customize All WordPress Paths – features BBQ does not offer.
Brute Force Protection – login protection BBQ does not include.
Header Security – security headers BBQ does not provide.
Compatibility Plugins List – all tested security plugins.
Website Security Check – verify your configuration.
