
SQL injection is a hacking method that exploits a vulnerability in scripts that use databases and take input directly from users. The way it works is that instead of entering, for example, a PIN code or telephone number, the attacker enters a piece of code (SQL code), and because the software does not filter and check the input data, the database executes it for them.

Using this method the hacker can read almost any information they want from your database and do whatever they want to your site, which is not a good thing for the site administrator.

“The best cure is prevention.”

The best way to protect yourself from these attacks is to prevent them from happening in the first place. So if you are developing software for your client (or yourself), as a rule of thumb: when you get the data, filter it, and filter it again before executing the SQL statement. Check and make sure users have entered only what they are supposed to enter, i.e. a number for a PIN, a string for a name, an email address for an email, and nothing else.
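To make the rule of thumb concrete, here is an added example (not code from the original post) that puts the unsafe and the safe version side by side. The table, the rows and the test input are all constructed for the example. The unsafe lookup glues user input into the SQL text, so a value that is not a four-digit PIN changes the meaning of the query. The safe lookup does the two things a developer should do: it rejects anything that is not the expected type (digits for the PIN, a short word for the name), and it passes the values to the database through placeholders so they can never be interpreted as SQL. Placeholders are the standard defence in addition to the filtering the post recommends.

```python
import re
import sqlite3

# Constructed sample data for this example only.
SAMPLE_ROWS = [
    ("alice", "1234", "alice@example.com"),
    ("bob", "9876", "bob@example.com"),
]

# What we are willing to accept: a name is a short word, a PIN is exactly four digits.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
PIN_RE = re.compile(r"[0-9]{4}")


def build_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, pin TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, pin, email) VALUES (?, ?, ?)", SAMPLE_ROWS
    )
    return conn


def lookup_vulnerable(conn, name, pin):
    """UNSAFE: user input is pasted straight into the SQL text (the bug the post describes)."""
    sql = f"SELECT email FROM customers WHERE name = '{name}' AND pin = '{pin}'"
    return [row[0] for row in conn.execute(sql)]


def validate(name, pin):
    """Reject anything that is not the expected shape before it gets near the database."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name must be 1-32 letters, digits or underscores")
    if not PIN_RE.fullmatch(pin):
        raise ValueError("PIN must be exactly four digits")


def query_parameterized(conn, name, pin):
    """Placeholders: the driver sends the values separately from the SQL text,
    so whatever the user typed can only ever be compared as data."""
    sql = "SELECT email FROM customers WHERE name = ? AND pin = ?"
    return [row[0] for row in conn.execute(sql, (name, pin))]


def lookup_safe(conn, name, pin):
    """Filter first, then query with placeholders: both layers, as the post advises."""
    validate(name, pin)
    return query_parameterized(conn, name, pin)


if __name__ == "__main__":
    db = build_db()
    # A PIN field that contains quotes and SQL instead of four digits:
    bad_pin = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, "alice", bad_pin))  # leaks every row
    print("parameterized:", query_parameterized(db, "alice", bad_pin))  # matches nothing
    try:
        lookup_safe(db, "alice", bad_pin)
    except ValueError as exc:
        print("safe:", exc)  # rejected before any query runs
```

Run it and the difference is obvious: the concatenated query returns every customer's email because the `OR '1'='1'` fragment became part of the WHERE clause, the parameterized query returns nothing because the whole string was compared against the `pin` column as a literal value, and the validated version never reaches the database at all. Both layers matter: validation keeps garbage out and gives the user a useful error, placeholders make sure that even a value the filter missed cannot change the statement.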

Limit the number of times a user can try logging in to your site. This is especially true for open-source applications like WordPress, which by default let you try to log in to the site as many times as you want.
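Here is an added example (not code from the original post, and not how WordPress or any particular plugin implements it) of what "limit the login attempts" looks like in practice: a small limiter that counts failed attempts per account inside a time window and refuses further attempts, even with the right password, once the limit is hit. The user list, the limits and the clock are constructed for the example; a real application would store password hashes rather than plaintext and would usually key the counter by account and by client address.

```python
import hmac
import time
from collections import defaultdict

MAX_ATTEMPTS = 5            # failures allowed inside the window
WINDOW_SECONDS = 15 * 60    # how long failures count against the account


class LoginLimiter:
    """Counts recent failed logins per key and reports when a key is locked out."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS, clock=time.time):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock  # injectable so the behaviour can be tested without waiting
        self._failures = defaultdict(list)  # key -> timestamps of recent failures

    def _prune(self, key, now):
        """Forget failures older than the window."""
        cutoff = now - self.window
        self._failures[key] = [t for t in self._failures[key] if t > cutoff]

    def is_locked(self, key):
        now = self.clock()
        self._prune(key, now)
        return len(self._failures[key]) >= self.max_attempts

    def record_failure(self, key):
        now = self.clock()
        self._prune(key, now)
        self._failures[key].append(now)

    def record_success(self, key):
        """A good login clears the account's failure history."""
        self._failures.pop(key, None)


def attempt_login(limiter, users, username, password, key=None):
    """Returns 'locked', 'bad_credentials' or 'ok'.

    `users` maps username -> password (constructed sample; real code stores hashes).
    The lockout check runs before the password check, so a locked account cannot be
    probed further, and the comparison is constant-time to avoid timing leaks.
    """
    key = key or username
    if limiter.is_locked(key):
        return "locked"
    expected = users.get(username, "")
    if expected and hmac.compare_digest(expected.encode(), password.encode()):
        limiter.record_success(key)
        return "ok"
    limiter.record_failure(key)
    return "bad_credentials"


if __name__ == "__main__":
    users = {"admin": "correct horse battery staple"}  # constructed sample account
    limiter = LoginLimiter(max_attempts=3, window=60)
    for guess in ["a", "b", "c", "correct horse battery staple"]:
        print(guess, "->", attempt_login(limiter, users, "admin", guess))
    # The last line prints "locked": three failures exhaust the limit and the
    # correct password is refused until the window has passed.
```

The limiter answers the question the post raises (how many tries should one account get?) with an explicit number and an explicit window, and the `record_success` reset means a legitimate user who mistypes twice and then gets it right is not penalised later. Set the window generously enough that a password-guessing script gets a handful of tries per quarter hour rather than thousands per minute.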

In the case of WordPress you can use plugins that validate all entries by users, from the comment form and contact forms to the search box at the top, and verify that the user is entering only what they are supposed to.

Always back up your site regularly. If you are updating the site once a week, back up once a week; if you are updating the site every day, back up every day. Then download the backup and also store it on a secure server such as Amazon S3 or any other secure server. Again, with WordPress you can automate this using the plugins that are available.

Scan your site for vulnerabilities. This way you know what could go wrong and can fix it before it happens.

For more information about SQL injection and how to prevent it, try reading this post on SQL injection or read this article.