A new feature in Bad Behavior v1.2.2 blocks all requests that carry a blank user-agent string. This is actually a good thing, because blank user-agents appear to have become a popular technique among spammers to avoid basic user-agent blocks. Generally, if you found a legitimate request to have been blocked by the new blank user-agent filtering, you would add the IP of that request to your whitelist in order to allow it to pass by Bad Behavior next time. Unfortunately, this feature also cripples WordPress’ ability to send pingbacks.
WordPress seems to confirm its received pingbacks using a blank user-agent, and any attempt to send a pingback while using Bad Behavior v1.2.2 will fail, because the confirmation request from the pinged blog will be blocked by Bad Behavior for having a blank user-agent. There are currently two ways to prevent this. You could add the IPs for every WordPress blog that you know to your whitelist, or you could disable the blank user-agent block by removing lines 49-52 of bad-behavior-user-agent.php, as detailed in Changeset #3535. Since Michael and I believe that this is actually a WordPress problem, I have submitted Bug #1713, which requests that future versions of WordPress identify themselves with a simple “WordPress” user-agent, rather than a blank user-agent.
Update: Michael has added a patch to Bug #1713. This patch is for both WordPress v1.5.2 and v1.6 (alpha, aka “do not use”), and fixes the above-mentioned issue by assigning a simple “WordPress” user-agent to your WordPress blog. If you do not want to apply the patch, disabling Bad Behavior’s blank user-agent block, as mentioned above, is still a valid solution to this issue.
Update 2: Bug #1713 has been officially addressed and fixed by Changeset #2933. Thanks, Ryan!
