• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 366
  • Last Modified:

Wordpress sql attack and more security

I tried the wordpress site first, but no replies.
I had a couple of emails this week from WordPress Firewall saying that it had detected and blocked a potential attack; path below with blog address removed.

 Blog_address/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/*

This obviously was an attack, because I made no changes and I don't know anyone in Belarus!
Now, the firewall stopped this, but is there anymore security I can put in place?
I have an htaccess file in the root of web and root of blog, but in my limited knowledge, is my index.php safe? Do I need to do anymore than have Firewall installed and latest version of WordPress?
I have login lockdown as well.
Cheers
John
0
jasonbournecia
Asked:
jasonbournecia
1 Solution
 
devindCommented:
Most probably you are face SQL injection attack. Word Press is prone to such attacks but they do fix them in latest releases. So make sure you are on the latest release.

Google it to find more about Wordpress SQL Injection and you will see solution for known issues for various version of Wordpress
0
 
jasonbourneciaAuthor Commented:
Thanks devind, I'll do some more scouting
John
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now