I hope this is the right place to ask for help. I am baffled by hackers able to insert database rows.
Take a look at this Testimonial page.
You will notice the last entry is by a hacker.
A Testimonial will be inserted by processing this screen:
The link to this page is found on an Admin screen which is WordPress password secured. That's one level of security.
You will notice on the page that you have to enter an answer, which should eliminate bots. That's the second level of security.
This is a PHP program. Once you enter the information there is a third level of security built within the program. The person needs to be logged in and their security level MUST be at the Admin level, otherwise an error screen is returned and a Testimonial row is not inserted.
I am baffled as to how hackers are able to insert a Testimonial row by going around these security levels. I have this same code on other websites that are NOT WordPress sites. This problem does not exist on those sites.
Does anyone have any ideas how this is happening?
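A way to check, from the web server's access log, whether the rogue rows arrive as POSTs sent straight to the PHP program without the sender ever opening the Admin screen that links to it. This is an added example, not part of the original post; the handler path, the Admin prefix, the combined log format and the sample lines are all assumptions.

```python
import re

# Assumptions: hypothetical path of the PHP program that inserts a Testimonial
# row, and the prefix of the password-protected Admin screen that links to it.
HANDLER = "/testimonial-add.php"
ADMIN_PREFIX = "/wp-admin/"

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def direct_posts(log_lines):
    """Return POSTs to HANDLER from client IPs that never got a 200 from the
    Admin screen earlier in the log. 'loaded_form' records whether the client
    at least fetched the form. Correlating by IP is a rough heuristic."""
    seen_admin, seen_form, hits = set(), set(), []
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path = m["ip"], m["method"], m["path"].split("?", 1)[0]
        if method == "GET" and path.startswith(ADMIN_PREFIX) and m["status"] == "200":
            seen_admin.add(ip)
        elif method == "GET" and path == HANDLER:
            seen_form.add(ip)
        elif method == "POST" and path == HANDLER and ip not in seen_admin:
            hits.append({"ip": ip, "time": m["time"], "status": m["status"],
                         "loaded_form": ip in seen_form, "referer": m["referer"]})
    return hits

# Constructed sample log lines (documentation IP ranges), not from a real site.
SAMPLE = [
    '192.0.2.10 - - [10/Mar/2024:10:00:00 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2024:10:00:09 +0000] "GET /testimonial-add.php HTTP/1.1" 200 2048 "https://example.test/wp-admin/index.php" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2024:10:01:30 +0000] "POST /testimonial-add.php HTTP/1.1" 200 512 "https://example.test/testimonial-add.php" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:11:15:02 +0000] "POST /testimonial-add.php HTTP/1.1" 200 512 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for hit in direct_posts(SAMPLE):
        print(hit)
```

A hit with status 200 only shows that the request reached the program; comparing its timestamp with the creation time of the unwanted row tells you whether that request is the one that inserted it.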