
WordPress Security Tips: SQL Injection Attacks

Structured Query Language (SQL) is probably the most common database language.

An SQL Injection attack is carried out by abusing input fields on a website. The attacker crafts input that, when submitted through a vulnerable field, is executed by the database as SQL, allowing them to create, read, update or delete data.

Nearly every CMS-based website has at least one entry point for an SQL Injection. Consider the fields in a typical site:

  • contact forms
  • login forms
  • search forms
  • shopping carts
  • feedback forms
  • etc.
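The following is an added example, not code from the original post: a small WordPress shortcode that searches post titles, first written the vulnerable way described above, then hardened with `$wpdb->prepare()`. It assumes it runs inside WordPress (a plugin file or the theme's functions.php); the function and shortcode names are made up for this example.

```php
<?php
/**
 * Added example (not from the original post): a shortcode that searches post
 * titles, shown first in its vulnerable form, then hardened with $wpdb->prepare().
 * Assumes it runs inside WordPress (plugin or theme functions.php).
 */

// VULNERABLE: the visitor's search string is concatenated straight into the SQL.
// A quote character in $term closes the string literal early, so whatever follows
// is executed as SQL instead of being treated as data. Do not use this form.
function sqli_demo_search_unsafe( $term ) {
    global $wpdb;
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}
            WHERE post_status = 'publish'
              AND post_title LIKE '%" . $term . "%'";
    return $wpdb->get_results( $sql );
}

// HARDENED: the query template is fixed and %s / %d are bound by $wpdb->prepare(),
// which quotes and escapes the values so they can only ever be data.
// esc_like() additionally neutralises the LIKE wildcards % and _ in the input.
function sqli_demo_search_safe( $term ) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_status = 'publish'
           AND post_title LIKE %s
         LIMIT %d",
        $like,
        20
    );
    return $wpdb->get_results( $sql );
}

// [sqli_demo_search] reads the ?q= query parameter and lists matching titles,
// using only the hardened search function.
add_shortcode( 'sqli_demo_search', function () {
    $term = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    if ( '' === $term ) {
        return '';
    }
    $out = '<ul>';
    foreach ( sqli_demo_search_safe( $term ) as $row ) {
        $out .= '<li>' . esc_html( $row->post_title ) . '</li>';
    }
    return $out . '</ul>';
} );
```

When reviewing a theme or plugin, any `$wpdb->query()` or `$wpdb->get_results()` call whose SQL string contains a PHP variable outside `$wpdb->prepare()` is the pattern to look for.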

What Can You Do To Reduce the Chances of an SQL Injection Attack?

Scan Your Site for Vulnerabilities

A live site can be scanned for free at the Sucuri Site Scan website. Another useful scanning site is WordPress Security Scan.

A sophisticated command-line tool for scanning WordPress sites is wpscan.

Set up Automatic Updating of Themes, Plugins, and WordPress Itself

In WordPress, you can set themes, plugins, and WordPress itself to update automatically. I strongly recommend doing so, but keep an automated backup in place as well.

Check Your PHP Version on the Server

In your hosting company's control panel, you can see which version of PHP your site is running. You can usually change the version there, too. If you can't change it there, you may need to ask your host to make the change.

You can also find the PHP version from the WordPress dashboard: Tools > Site Health > Info > Server.

Before changing your PHP version, of course, test your site against the desired version in your development environment.

Do not assume that your site, even if installed through the host company control panel, is running a current version of PHP.

Hide Your WordPress Version

Add this line to your theme's functions.php and WordPress will stop outputting the version number in a meta tag:

remove_action( 'wp_head', 'wp_generator' );

Scrutinize Your Themes and Plugins

If you’re not using a theme or plugin, delete it (keep one “standard” theme for troubleshooting). Even plugins that you use only occasionally should be deleted: you can always reinstall them.

Set your themes and plugins to update automatically.

Use Trusted Form Plugins

Probably the most widely used and trusted form plugins are Ninja Forms, Gravity Forms, WP Forms, and Contact Form 7. Of those four, Contact Form 7 is probably the least intuitive to use.

Other General Anti-Hack Strategies

Maintain Automated Backups

Even if your host backs up your site, I still highly recommend the free version of Updraft Plus for setting up automatic backups to off-host storage. You can specify cloud storage such as Dropbox, Google Drive, etc.