Protecting Your WordPress Blog from Hackers – SQL Injection
All about SQL Injection Attacks on WordPress
I am taking a short break from the GIMP Video Tutorial Series. The last few days I have been in recovery mode after my site was hacked. My site wasn’t coming up, and I couldn’t even get to the administration area. It turns out (after much research) that the attack was an SQL injection.
Also called an SQL insertion attack, this form of hack is accomplished by inserting SQL database code into a web form or some other part of a site that runs on top of a database. This may sound a bit complex, but it can have some dire consequences.
I am far from a security expert, but necessity is the mother of invention. I have learned that if you have a Blog you need to become a mini security expert.
So this "rogue" SQL statement is executed, causes your database to freak out, and allows the hacker to manipulate files and routines on your website that generally only you have power over.
In my case the attack inserted code into all my index.php files. The code was a type of redirection that, had it been successful, would have directed visitors to another website (some site in .ru). It turns out that the code was not inserted properly and just broke the index.php files and gave a WSOD (white screen of death) when my site was visited.
I fixed my site after the first attack, and within 24 hours I had another one. Same files, same symptoms. Nevertheless, I appear to have recovered and am in the clear (for now). Here are the steps I have taken to ensure the security of my websites:
- Directories: 0755
- Files: 0644
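
As an added example (not part of the original post), the shell functions below check a site tree against the two modes listed above and tighten anything more permissive. The function names and the path passed in are assumptions.

```shell
#!/bin/sh
# Added example: check a WordPress tree against the modes listed above
# (directories 0755, files 0644). Function names are hypothetical.

# Report every entry whose mode differs from the target, looser or tighter.
audit_perms() {
    find "$1" -type d ! -perm 755 -print | sed 's/^/DIR  /'
    find "$1" -type f ! -perm 644 -print | sed 's/^/FILE /'
}

# Report only entries MORE permissive than the target: group/other write
# on a directory; any execute bit or group/other write on a file.
loose_perms() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
        -o -perm -020 -o -perm -002 \) -print
}

# Tighten loose entries by removing the extra bits. Entries that are already
# stricter than the target (for example a config file kept at 0600, an
# assumption here) are left alone rather than loosened to 0644.
fix_perms() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
        -o -perm -020 -o -perm -002 \) -exec chmod a-x,go-w {} +
}

# Usage: sh wp-perms.sh /path/to/wordpress [--fix]
if [ $# -ge 1 ]; then
    [ "${2:-}" = "--fix" ] && fix_perms "$1"
    audit_perms "$1"
fi
```

Run the audit on a schedule as well as after a cleanup: a file that has become writable again, or an index.php whose mode changed, is worth investigating before it is reset.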
2. Install Security Plugins for WordPress Installation
The Plugins I recommend are:
I recommend visiting these sites for details. These are great plugins that can provide peace of mind.
The bottom line is that it is not if your site gets hacked, but when. You need to be prepared, and I hope that this post finds its way onto the search engines so that it can help others.
Let me know in the comments or by e-mail of any additional precautions you take with your sites.
-Loren