
Prevent WordPress SQL Injection Hacking




SQL injection describes a class of attacks in which hackers embed commands in a URL that trigger behaviors from the database. WordPress SQL injection attacks are increasing nowadays. These attacks can reveal sensitive information about the database, potentially giving hackers a way to modify the actual content of your site. Many of today's website defacement attacks are accomplished by some form of SQL injection.

The following code can help you prevent it. On an Apache server, add the code below to the .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Refuse HEAD, TRACE, DELETE and TRACK requests with 403 Forbidden.
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
# Refuse requests whose query string matches any of the patterns below ...
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
# ... but only when the request carries no wordpress_logged_in_ cookie.
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>
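
To see what these rules refuse before deploying them, the sketch below (an added example, not part of the original post) replays the same patterns over a few constructed requests. It assumes Python's re module as a stand-in for Apache's PCRE matching; the decide function and the sample requests are made up for illustration.

```python
import re

# Query-string patterns copied verbatim from the rules above; [NC] -> re.IGNORECASE.
PATTERNS = [
    r"\.\.\/", r"boot\.ini", r"tag\=", r"ftp\:", r"http\:", r"https\:",
    r"(\<|%3C).*script.*(\>|%3E)",
    r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)",
    r"base64_encode.*\(.*\)",
    r'^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).*',
    r"^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).*",
    r"^.*(%24&x).*",
    r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare).*",
]
RULES = [re.compile(p, re.IGNORECASE) for p in PATTERNS]
BLOCKED_METHODS = re.compile(r"^(HEAD|TRACE|DELETE|TRACK)", re.IGNORECASE)
LOGGED_IN = re.compile(r"^.*wordpress_logged_in_.*$")  # no [NC] on this condition


def decide(method, query_string, cookie=""):
    """Return (status, reason): 403 if the rules would forbid, else 200."""
    if BLOCKED_METHODS.search(method):
        return 403, "method"
    if LOGGED_IN.search(cookie):
        # The cookie condition is negated, so the query rules do not fire.
        return 200, "cookie condition not met"
    # mod_rewrite tests the raw, still percent-encoded query string.
    for pattern, rule in zip(PATTERNS, RULES):
        if rule.search(query_string):
            return 403, pattern
    return 200, "no rule matched"


# Constructed sample requests: (method, raw query string, Cookie header).
SAMPLES = [
    ("GET", "p=123", ""),
    ("GET", "s=select+a+theme", ""),   # ordinary search containing "select"
    ("GET", "s=caf%C3%A9", ""),        # UTF-8 "café", percent-encoded
    ("GET", "s=", ""),                 # empty search box, ends in "="
    ("GET", "s=union+square", "wordpress_logged_in_abc=1"),
    ("HEAD", "", ""),
]

if __name__ == "__main__":
    for method, qs, cookie in SAMPLES:
        print(method, repr(qs), "->", decide(method, qs, cookie))
```

Ordinary searches that contain a word such as "select", end in "=", or carry percent-encoded UTF-8 are refused for visitors who are not logged in, so check the rules against your site's real traffic before enabling them.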
