SQL injection is one of the most common and most damaging attacks against websites and blogs alike. It happens when text an attacker controls (a URL parameter, a form field, a comment) is pasted straight into a database query without being escaped or parameterized, so the database runs the attacker’s SQL alongside yours. Not only is it one of the easier attacks to launch against a server, it also exposes your website data and any personal information stored next to it.
And you may not even know you’re a victim until it’s too late.
Attackers can exploit this vulnerability in several ways without your knowledge. Once they can read or change your database they can copy out user accounts and password hashes, or plant hidden links and redirects to spyware, adware and malware inside your posts. Google notices that your site is serving harmful content and puts up a “This Site May Harm Your Computer” warning. You lose your hard-earned visitors, rankings and revenue.
It’s even possible that the break-in happened to another customer of your web hosting company, or to the host itself, and spread from site to site across the entire shared server.
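To make the mechanism concrete, here is an added example (not code from the original post) showing the difference between a query built by string concatenation and a parameterized one. It uses Python’s built-in SQLite as a stand-in for WordPress’s MySQL database, with a constructed, simplified `posts`/`users` schema rather than the real `wp_posts`/`wp_users` tables. The payload is the classic UNION trick for pulling data out of a table the query was never meant to touch.

```python
import sqlite3

# Attacker-controlled value, e.g. what arrives in a ?slug= parameter.
# The closing quote ends the intended string and the UNION appends a
# second query; "--" comments out whatever the application adds after.
PAYLOAD = "' UNION SELECT user_login || ':' || user_pass FROM users --"


def make_db():
    """Constructed in-memory blog database (simplified schema, demo data only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, slug TEXT, content TEXT)")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)")
    db.executemany("INSERT INTO posts (slug, content) VALUES (?, ?)", [
        ("hello-world", "<p>Welcome to my blog.</p>"),
        ("about", "<p>About me.</p>"),
    ])
    # The hash is a made-up placeholder, not a real WordPress hash.
    db.execute("INSERT INTO users (user_login, user_pass) VALUES (?, ?)",
               ("admin", "$P$demo-hash-not-real"))
    db.commit()
    return db


def get_post_vulnerable(db, slug):
    """The bug: untrusted input glued into the SQL text, so it is parsed as SQL."""
    sql = "SELECT content FROM posts WHERE slug = '" + slug + "'"
    return [row[0] for row in db.execute(sql)]


def get_post_safe(db, slug):
    """The fix: a placeholder; the driver sends the value separately, never as SQL.
    WordPress plugin code gets the same effect with $wpdb->prepare()."""
    sql = "SELECT content FROM posts WHERE slug = ?"
    return [row[0] for row in db.execute(sql, (slug,))]


def demo():
    """Run both lookups against the same payload and return what each leaks."""
    db = make_db()
    return {
        "vulnerable": get_post_vulnerable(db, PAYLOAD),  # leaks the admin hash
        "safe": get_post_safe(db, PAYLOAD),              # no post has that slug: []
        "normal": get_post_safe(db, "about"),            # ordinary use still works
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable version returns the admin login and password hash from the `users` table even though the query only mentions `posts`; the parameterized version treats the whole payload as a slug that does not exist and returns nothing. No amount of username renaming or strong passwords changes that outcome; only the query has to change.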
What are the Symptoms of a Blog SQL Injection?
You may not even realize there’s a problem with your blog if you don’t regularly log in to cPanel, FTP or other website management tools outside of WordPress. In fact, you may find out about the hacking
- From a web-based security scanner like McAfee SiteAdvisor or Norton SafeWeb
- From Google’s Safe Browsing diagnostic page, which tells you whether spyware or malware has been served from your site within the last 60 days (check your own site by putting your domain in place of EXAMPLE.com in the diagnostic URL)
- From the search engine result pages, which show strange links or pages when you search for your own URL. A classic example is searching for your site and seeing pharmaceutical links in the results.
- From your visitors themselves, who report getting a virus (or being redirected to a spyware site) when they visit your page.
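You don’t have to wait for a scanner or a visitor to tell you. The following is an added example (not from the original post) of a small self-check that looks at a page’s HTML the way those scanners do: links hidden with `display:none`, anchor text with pharmacy spam words, zero-size iframes and scripts loaded from another domain. The HTML is a constructed sample page, and the spam word list and domain names are assumptions for the demo; in practice you would feed it the HTML of your own pages.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a normal post with an injected hidden spam block,
# a zero-size iframe and an off-site script appended to it.
SAMPLE_HTML = """
<html><body>
<h1>My post</h1>
<p>Read more on <a href="https://example.com/about">my about page</a>.</p>
<div style="display:none">
  <a href="http://cheap-pills.example/viagra">cheap viagra</a>
</div>
<iframe src="http://badsite.example/x" width="0" height="0"></iframe>
<script src="http://badsite.example/inject.js"></script>
</body></html>
"""

# Assumed word list; real scanners use far larger ones.
SPAM_WORDS = ("viagra", "cialis", "casino", "payday")


class InjectionScanner(HTMLParser):
    """Collects (kind, url) findings while parsing one page."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.stack = []          # (tag, hidden?) for every open element
        self.hidden_depth = 0    # > 0 while inside a hidden element
        self.findings = []
        self._link_href = None
        self._link_text = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        self.stack.append((tag, hidden))
        if hidden:
            self.hidden_depth += 1
        if tag == "a":
            self._link_href = a.get("href") or ""
            self._link_text = ""
        elif tag == "iframe" and (a.get("width") in ("0", "0px") or a.get("height") in ("0", "0px")):
            self.findings.append(("hidden-iframe", a.get("src") or ""))
        elif tag == "script" and a.get("src") and self._is_offsite(a["src"]):
            self.findings.append(("offsite-script", a["src"]))

    def handle_data(self, data):
        if self._link_text is not None:
            self._link_text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._link_text is not None:
            self._check_link(self._link_href, self._link_text.strip())
            self._link_text = None
        # Unwind the open-element stack to the matching start tag,
        # leaving hidden elements as we pass them.
        while self.stack:
            t, hidden = self.stack.pop()
            if hidden:
                self.hidden_depth -= 1
            if t == tag:
                break

    def _is_offsite(self, url):
        host = urlparse(url).netloc.lower()
        return bool(host) and host != self.own_host

    def _check_link(self, href, text):
        if self.hidden_depth > 0:
            self.findings.append(("hidden-link", href))
        if any(word in text.lower() for word in SPAM_WORDS):
            self.findings.append(("spam-anchor-text", href))


def scan(html, own_host):
    """Return the list of suspicious things found in one page's HTML."""
    scanner = InjectionScanner(own_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for kind, url in scan(SAMPLE_HTML, "example.com"):
        print(f"{kind}: {url}")
```

Run it against the HTML of a few of your own pages (downloaded as a search engine would see them, not from the WordPress editor, since the injected content is often only added at render time) and anything it reports is worth a look in the database and theme files. The visible link to your own domain produces no finding; the hidden block, the zero-size iframe and the foreign script each do.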
Prevention is the First Step
The best way to protect your blog against SQL injection is to give attackers as little to work with as possible. The injection bug itself lives in code that builds database queries from user input, which for a blog owner means WordPress core, a theme or a plugin, so the single most effective habit is keeping all three up to date. The rest of the advice here raises the cost of the other ways attackers get in.
This includes obvious things like not using “admin” as your login name (if your WordPress was set up this way, create a new user, give it the Administrator role, then delete the old “admin” account and, when WordPress asks, attribute its posts to your newly created username), setting a strong, unique password and storing it in a safe location (I use Roboform and love it), and updating both your WordPress installation and your plugins as soon as new releases are available. Keep in mind that the username and password steps protect you against password guessing, not against SQL injection itself; updates are what close injection bugs.
There are some helpful plugins that make blog management and protection easier too. Keep in mind, though, that every plugin is more code that can contain an injection bug of its own, and plugin authors don’t always keep their work up to date, so the more plugins you have installed, the more you could be leaving your blog open to exploitation.
WordPress Security: Recommended Paid Plugins
BackupBuddy – This paid plugin lets you backup and restore your WordPress blog and schedule regular backups for a one-time fee. Backup 2 sites for $75 or unlimited sites for $150.
VaultPress is a backup and security plugin from the same people who brought you WordPress. They have different monthly fee packages depending on the level of security you need and a new feature is coming soon that will update your plugins automatically as new ones are released – a huge help if you manage multiple blogs.
Free WordPress Security Plugins
Bulletproof Security – Filters incoming requests for the patterns used in SQL injection attacks as well as other common types of hacking and exploits. Like any request filter it only matches known patterns, so treat it as a safety net in front of a vulnerable plugin rather than a fix for it.
Bei Fen – One of my favorite WordPress backup plugins, it backs up the database (where your content is stored) as well as themes, plugins, images and non-WordPress tables. You can also schedule backups.
WordPress Firewall – Blocks many WordPress-specific hacking attempts while also letting you whitelist specific IP addresses for login.
Login Lockdown – Prevents brute-force logins to your WordPress admin dashboard. If more than a set number of failed logins come from the same IP range within a short period, it blocks further login attempts from that range for an hour. The threshold, the timeout and the blocked addresses can be edited in the admin area.
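The lockout rule behind a plugin like Login Lockdown is simple enough to show in full. This is an added example written for this page, not the plugin’s own code: it counts failed logins per network (a /24 for IPv4, a /64 for IPv6, both assumed here), locks the whole range for an hour once the threshold is hit inside the window, and lets the lock expire on its own. The thresholds, the sample addresses and the timeline in `simulate()` are constructed values.

```python
import ipaddress
import time


class LoginLockdown:
    """Per-network failed-login counter with a timed lockout."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures   # failures that trigger a lock
        self.window = window               # seconds in which they must occur
        self.lockout = lockout             # seconds the range stays locked
        self.failures = {}                 # network -> recent failure timestamps
        self.locked_until = {}             # network -> unix time the lock ends

    @staticmethod
    def _net(ip):
        """Collapse an address to its range so one attacker can't dodge the
        counter by rotating through neighbouring addresses."""
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64   # assumed range sizes
        return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

    def is_locked(self, ip, now=None):
        """True while the address's range is locked; expired locks are cleared."""
        now = time.time() if now is None else now
        net = self._net(ip)
        until = self.locked_until.get(net)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[net]
            return False
        return True

    def record_failure(self, ip, now=None):
        """Register a failed login; returns True if this failure locks the range."""
        now = time.time() if now is None else now
        net = self._net(ip)
        recent = [t for t in self.failures.get(net, []) if now - t < self.window]
        recent.append(now)
        self.failures[net] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[net] = now + self.lockout
            self.failures[net] = []
            return True
        return False

    def record_success(self, ip):
        """A real login clears the counter for that range."""
        self.failures.pop(self._net(ip), None)


def simulate():
    """Constructed timeline: two addresses in one /24 share a counter,
    a visitor elsewhere is unaffected, and the lock expires after an hour."""
    ld = LoginLockdown(max_failures=3, window=300, lockout=3600)
    events = [
        ld.record_failure("203.0.113.5", now=0),
        ld.record_failure("203.0.113.9", now=10),    # same /24 as above
        ld.record_failure("203.0.113.5", now=20),    # third strike: locked
    ]
    return {
        "locked_on": events,
        "neighbour_blocked": ld.is_locked("203.0.113.77", now=30),
        "other_visitor_blocked": ld.is_locked("198.51.100.1", now=30),
        "still_locked_later": ld.is_locked("203.0.113.5", now=3621),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Two things the timeline shows that a plain per-IP counter would miss: the third failure comes from a different address in the same range and still trips the lock, and a visitor from an unrelated network is never affected. The window matters too; failures older than it are dropped, so a legitimate user who mistypes a password once a day never accumulates a lock.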
WordPress Security – Share Your Thoughts!
Do you have a blog hacking horror story or security plugins that you’d recommend? Tell me about it below in the comments!