Tuesday, March 7, 2017

How to avoid Wordpress Remote SQL Injection

WordPress remote SQL injection can be the prelude to a disaster for your WordPress blog. A SQL injection vulnerability was discovered that lets an attacker remotely retrieve any user's credentials from a vulnerable site; the bug was caused by escaping values for the database too early and by a lack of validation on query-string-style parameters.
In practice, most WordPress remote SQL injection attacks are not outright destructive: the attacker injects a redirect or an iframe pointing to their own page or website. This is a blackhat SEO injection technique, and it can badly hurt your site's search rankings.
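To make the cause described above concrete, here is an added example (not code from the original post, and not the vulnerable WordPress code it refers to) of a hypothetical plugin that looks up a user from a query-string parameter. The first function interpolates the parameter straight into SQL; the second validates it and binds it with `$wpdb->prepare()`, the WordPress API for parameterised queries. The shortcode name, the function names and the `id` parameter are assumptions for illustration.

```php
<?php
/**
 * Plugin Name: User lookup example (illustration only)
 * Hypothetical plugin showing a query-string parameter reaching SQL.
 * Added example, not code from the original post or from WordPress core.
 */

// VULNERABLE: $_GET['id'] is concatenated into the statement unescaped.
// A request such as ?id=1 OR 1=1 matches every row, and a UNION SELECT
// against the users table could return login names and password hashes.
function ul_lookup_vulnerable() {
    global $wpdb;
    $id  = isset( $_GET['id'] ) ? $_GET['id'] : '0';
    $sql = "SELECT user_login, user_email FROM {$wpdb->users} WHERE ID = " . $id;
    $row = $wpdb->get_row( $sql );
    return $row ? esc_html( $row->user_login ) : 'no such user';
}

// HARDENED: validate the type first, then let $wpdb->prepare() bind the
// value. The %d placeholder forces an integer, so SQL syntax supplied in
// the parameter can never change the structure of the statement.
function ul_lookup_safe() {
    global $wpdb;
    if ( ! isset( $_GET['id'] ) || ! ctype_digit( $_GET['id'] ) ) {
        return 'invalid id';
    }
    $id  = (int) $_GET['id'];
    $sql = $wpdb->prepare(
        "SELECT user_login, user_email FROM {$wpdb->users} WHERE ID = %d",
        $id
    );
    $row = $wpdb->get_row( $sql );
    return $row ? esc_html( $row->user_login ) : 'no such user';
}

// Only the hardened variant is wired up; the vulnerable one is kept
// purely for side-by-side comparison and must never be registered.
add_shortcode( 'user_lookup', 'ul_lookup_safe' );
```

The point of the hardened version is that escaping is done by the database layer at the moment the value is bound, not earlier by hand; escaping a value and then reusing it in a differently quoted context is exactly the "early escaping" that leads to this class of bug.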

To prepare yourself, read the tips below:
- Always check your AWStats (or whatever access-log analytics you use) for suspicious visitor activity.
- Back up your WordPress files and database weekly so you can restore them if needed.
- Always update your WordPress installation to the latest stable version. The main dashboard always shows the latest release information.

If you have to keep using an old WordPress version, make sure that you hide your WordPress version. Many attackers and automated tools try to determine software versions before launching exploit code. Removing the WordPress version from your blog may discourage some attackers and will certainly hinder virus and worm programs that select their exploit by software version.
Please note that some version-hiding methods also strip the ?ver= query string from script and style URLs, which can interfere with cache busting, so test your site after applying them.

So how do you avoid WordPress remote SQL injection?
I found a WordPress Security Scan plugin that scans your WordPress installation for security weaknesses and suggests corrective actions, covering:
- passwords
- file permissions
- database security
- version hiding
- WordPress admin protection/security
- removal of the WP Generator META tag from core code
You can download this useful plugin from the WordPress plugin page.
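For readers who prefer not to install a plugin, the version-hiding step recommended above (and the "removes WP Generator META tag" item in the plugin's feature list) can be done with a few lines in a must-use plugin. This is an added example, not code from the original post or from the plugin it mentions; it uses only WordPress core hooks, and the file name and function name are assumptions.

```php
<?php
/**
 * Plugin Name: Hide WordPress version (illustration only)
 * Drop this file into wp-content/mu-plugins/ so it loads before the theme.
 * Added example, not code from the original post or from any plugin.
 */

// 1. Stop wp_head() from printing
//    <meta name="generator" content="WordPress x.y" />.
remove_action( 'wp_head', 'wp_generator' );

// 2. The generator string is also emitted in RSS/Atom feeds through the
//    the_generator filter; returning an empty string blanks it there too.
add_filter( 'the_generator', '__return_empty_string' );

// 3. Core appends ?ver=<WordPress version> to its own script and style
//    URLs, which leaks the version even with the meta tag gone. Strip the
//    argument only when it equals the core version, so plugin and theme
//    asset versions (needed for cache busting) are left untouched.
function hwv_strip_core_version( $src ) {
    global $wp_version;
    $parts = wp_parse_url( $src );
    if ( empty( $parts['query'] ) ) {
        return $src;
    }
    parse_str( $parts['query'], $args );
    if ( isset( $args['ver'] ) && $args['ver'] === $wp_version ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'script_loader_src', 'hwv_strip_core_version', 10 );
add_filter( 'style_loader_src', 'hwv_strip_core_version', 10 );
```

Keep in mind that this only removes the obvious banners. The version can still be fingerprinted from files such as readme.html in the web root and from the hashes of core JavaScript and CSS files, so hiding the version is a speed bump, not a substitute for updating.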

And to complete your mission against WordPress remote SQL injection, set the file permission (chmod) to 444 (r--r--r--), i.e. read-only, on these WordPress files:
- index.php
- wp-config.php
- wp-settings.php
- All your theme files located in wp-content/themes
Note: you can actually set every file in your WordPress root directory to 444 (excluding the sitemap or any other file that must be writable; for those, prefer 644 owned by the web server user over world-writable 666).
Two caveats: wp-config.php holds your database credentials, so on shared hosting use 400 or 440 rather than world-readable 444. And read-only files stop an attacker who has gained file-write access from planting a redirect or iframe in your theme, but they do not block the SQL injection itself, which writes to the database; if PHP runs as the file owner, the attacker can also simply chmod the files back, so this is defence in depth, not a fix.

This last tip completely rocks!


Let me know how it works for you, and share your own tips for fighting WordPress SQL injection!