Title: Security alert
Last modified: April 29, 2018

---

# Security alert

 *  Resolved [watergeus5](https://wordpress.org/support/users/watergeus5/)
 * (@watergeus5)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-alert-7/)
 * This plugin appears to be causing a blind SQL injection attack on my server.
 * I’m configuring my new WordPress site and have now been twice blocked by my site’s
   firewall, the message being (I’ve removed my IP address):
 * Your IP address … had been blocked by the firewall due to repeatedly triggering
   a mod_security filter rule (“Blind SQL Injection Attack” – see sample below).
   I have unblocked your IP address and disabled the filter rule in question on 
   the assumption that this is a false positive.
 * —
    [Fri Apr 27 16:13:48 2018] [error] [client …] ModSecurity: Access denied with code 406 (phase 2). Pattern match “\\\\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id) …” at ARGS:data[form_data]. [file “/usr/local/apache/conf/modsec2.user.conf”] [line “134”] [id “950904”] [msg “Blind SQL Injection Attack”] [data “user_password”] [severity “CRITICAL”] [tag “WEB_ATTACK/SQL_INJECTION”] [hostname “bourneendu3a.org.uk”] [uri “/wp-admin/admin-ajax.php”] [unique_id “WuM@LE31QtoAE3U9PlAAAABE”]
 * This was repeated a large number of times.
 * I was at the time trying to configure the “User registration” plugin v1.2.5 and
   it was not behaving as per instructions. (It wouldn’t save a new configuration.)
   I had deactivated all other plugins (Logged in User Shortcode, Theme My Login,
   Coming Soon Page & Maintenance Mode) except the last but otherwise it’s a standard
   4.9.5 WordPress with Iconic-One theme. I had the latest version 1.2.5.1 earlier
   which produced the same results. I’ve put requests on WPEverest’s forums but 
   had no help from there.
 * Whilst I can’t put it down to this plugin 100%, it does appear the most likely
   cause. I’ve now deleted it from my site.

Viewing 1 replies (of 1 total)

 *  Plugin Author [wpeverest](https://wordpress.org/support/users/wpeverest/)
 * (@wpeverest)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-alert-7/#post-10231456)
 * Hi watergeus5,
 * We think it’s a false trigger by ModSecurity. Your host seems to be triggering
   the alert whenever they see the user_password text. The user_password string is
   being used in our plugin; there is nothing fishy going on there, nor any SQL
   injection. You can maybe ask your host to turn off this particular config for this.
 * We guess this is the reason you were not able to save the form.


The topic ‘Security alert’ is closed to new replies.
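
Added example (not part of the original thread, and not code from the plugin or the host): a small Python triage of alerts like the one quoted in the first post. It counts hits per rule id, inspected variable and URI, and shows which value in a form payload matches the `user_*` branch of the pattern visible in that log line. The sample log lines, client IP, unique_id and the form payload layout are constructed assumptions.

```python
import json
import re
from collections import Counter

# user_* branch of rule 950904's pattern as quoted in the thread's log line;
# the rest of the pattern is truncated on the page and is not reproduced.
USER_BRANCH = re.compile(
    r"\buser_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s"
    r"|password|group)")
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')            # [id "950904"] etc.
TARGET = re.compile(r'" at ([A-Z_]+(?::\S+)?)\. \[')  # inspected variable

def sample_line(ts):
    # Constructed alert modelled on the thread's (placeholder IP and unique_id).
    return (f'[{ts}] [error] [client 203.0.113.10] ModSecurity: Access denied '
            'with code 406 (phase 2). Pattern match "..." at ARGS:data[form_data]. '
            '[id "950904"] [msg "Blind SQL Injection Attack"] [data "user_password"] '
            '[uri "/wp-admin/admin-ajax.php"] [unique_id "CONSTRUCTED"]')

SAMPLE_LOG = [sample_line(f"Fri Apr 27 16:13:{s} 2018") for s in (48, 52, 57)]
# Constructed form-builder payload; the field layout is an assumption.
SAMPLE_FORM = '[{"field_key": "user_login"}, {"field_key": "user_password"}]'

def parse_alert(line):
    """Return the bracketed fields plus the inspected variable of one alert."""
    alert = dict(FIELD.findall(line))
    m = TARGET.search(line)
    alert["target"] = m.group(1) if m else None
    return alert

def summarize(lines):
    """Count hits per (rule id, variable, uri, data) to scope any tuning."""
    return Counter((a["id"], a["target"], a.get("uri"), a.get("data"))
                   for a in map(parse_alert, lines) if "id" in a)

def trigger_locations(form_json):
    """List JSON paths whose string value matches USER_BRANCH."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")
        elif isinstance(node, str) and (m := USER_BRANCH.search(node)):
            hits.append((path, m.group(0)))
    walk(json.loads(form_json), "$")
    return hits
```

The summary key (rule id, variable, URI) gives the scope at which a host can review the rule's hits before deciding how to tune it.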

 * [User Registration & Membership - Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder](https://wordpress.org/plugins/user-registration/)