Thank you for reaching out to us. Does your downloads have any type of protection? Or is it a free download offer?
Kind regards.
They are public. not protected.
Last version of module is installed.
Best regards
-
This reply was modified 1 week, 2 days ago by
fefed222.
Thank you for sharing that information. I am thinking that perhaps your site has been targeted. I suggest that you now try to have a simple type of protection for your downloads to see what happens. The following documentation can help you.
https://simple-download-monitor.com/how-to-password-protect-your-wordpress-downloads/
Let me know if this helps you.
Kind regards.
Plugin Contributor
Ruhul
(@tips-and-tricks-hq)
Thanks for flagging this. There’s nothing to be alarmed about here, what you’re seeing is a generic, automated SQL injection probe, not a successful breach.
Bots constantly scan WordPress sites and throw thousands of these injection payloads at known plugin parameters (in this case sdm_process_download) just to see if anything sticks. The fact that Wordfence blocked it means your protection is doing exactly what it should. Importantly, the plugin sanitizes its query inputs, so these attempts wouldn’t succeed against the download parameter even if Wordfence weren’t in front of them.
As long as the site is functioning normally and you’re on the latest plugin version (which you’ve confirmed), there’s no action you need to take. This kind of background noise is routine for any public-facing site.
Hello,
thanks for your feedback.
best reagrds