Title: SQL Injection
Last modified: October 14, 2019

---

# SQL Injection

 *  Resolved [Jamie Gill](https://wordpress.org/support/users/patchgill/)
 * (@patchgill)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/sql-injection-22/)
 * Hi There,
 * I have a couple of sites which seem to be getting the same SQL injection over
   and over.
 * First time I ran a scan and all files showed fine in wordfence. So I updated 
   wordpress/plugins, removed my FTP account and changed the SQL password etc usual
   stuff.
 * However a week later the same thing happened every wp_posts table row a script
   is inject in the post_content column for every page/post on the site which trigger
   popups. The last one was a sub domain of pvclouds/com.
 * They are very light sites a blank theme brochure site with 4 additional plugins:-
 * Advanced Custom Fields PRO
    Contact Form 7 Redirection Yoast SEO
 * Is there anything I can do in wordfence to help target this or stop this, it 
   is like someone has direct access to the DB and is just injecting with a script.
   Not something I have come across before especially not recurring after I have
   applied updates etc.
 * Many Thanks

Viewing 7 replies - 1 through 7 (of 7 total)

 *  [WFSupport](https://wordpress.org/support/users/wfsupport/)
 * (@wfsupport)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/sql-injection-22/#post-12034625)
 * Hi
 * Did you change the cPanel/hosting password as well? Is the firewall running in
   extended protection mode? And are all scan options checked on the Scan > Scan
   Options and Scheduling page?
 * Tim
 *  [thedesignshepherd](https://wordpress.org/support/users/thedesignshepherd/)
 * (@thedesignshepherd)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/sql-injection-22/#post-12039616)
 * Hi Jamie,
    Who is hosting your websites? I have had the same issue and mine are
   hosted with TSO Host on their cloud hosting. I have come across this page which
   suggests that it might be more to do with the hosting than the actual website
   [https://guides.magefix.com/2019/10/repeated-sql-injection-malicious-javascript/](https://guides.magefix.com/2019/10/repeated-sql-injection-malicious-javascript/)
 * I hope this helps,
    Tim
 *  [speedyp](https://wordpress.org/support/users/speedyp/)
 * (@speedyp)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/sql-injection-22/#post-12068541)
 * Yup, me too. Dealing with this at the moment. After wasting days trying to clean
   everything up, we finally moved site to another host so keeping watch to see 
   if it reappears.
 * Get the feeling this really is a TSOHOST / cloud hosting server issue. I know
   they were hacked earlier this year, but we have had very little info or response
   from them about the impact and consequences.
 * Our TSOHOST cloud server was 10.169.0.247
 * HTH
 *  [speedyp](https://wordpress.org/support/users/speedyp/)
 * (@speedyp)
 * [6 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-22/#post-12147274)
 * Just as a follow-up. We had a site on the tsohost cloud hosting which was repeatedly
   infected with malware re-direct script which was tacked on to the end of all 
   the site pages, posts and images. Unable to find a point of entry, we installed
   all the various security plugins we could find, cleaned the site, but was repeatedly
   re-infected within a week or so.
 * Did a lot more research into this and yes, it all does seem to point to tshost
   having databases hacked / infected.
 * As an experiment, we took an exact copy and moved the whole site to another host,
   leaving the original files on the TSOHOST servers as well. And sure enough, the
   new site continues clean, but the copy left with tsohost has again been infected……
 *  [wfdave](https://wordpress.org/support/users/wfdave/)
 * (@wfdave)
 * [6 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-22/#post-12213587)
 * Hi [@speedyp](https://wordpress.org/support/users/speedyp/),
 * So you’re saying the point of entry was TSOHost’s database. Unfortunately for
   cases like this, there’s not much Wordfence can do – as the attacker has full
   control of the site (short of direct FTP access).
 * Dave
 *  [jayjay2011](https://wordpress.org/support/users/jayjay2011/)
 * (@jayjay2011)
 * [6 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-22/#post-12223398)
 * This exact thing is happening to me. The site just keeps getting infected. I 
   even got a company to look st it and clean it but they said its the server. TSO
   support has said it a legacy server/package and they are not supporting it anymore.
   Their solution is to move to CPanel package or move to a new host which is what
   I’m doing
 *  [dougfatheruk](https://wordpress.org/support/users/dougfatheruk/)
 * (@dougfatheruk)
 * [6 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-22/#post-12261288)
 * Just to add my TSO Host based site was hacked very other day with the redirect
   malware.
 * It was extremely stressful, TSO were adamant that no files or database entries
   were being modified. I tried everything to stop the Malware but it just kept 
   coming back. I used Wordfence and Malware, Wordfence never detected the injections
   while Malcare did but it could only clean the site and not prevent it.
 * After following the advice from Magefix I migrated my site to site ground and
   my site has now been clean for months.
 * [https://guides.magefix.com/2019/10/repeated-sql-injection-malicious-javascript/](https://guides.magefix.com/2019/10/repeated-sql-injection-malicious-javascript/)
 * Get your sites off the TSO servers. I now pay way more for Siteground but the
   site is so quick and the support is exceptional, oh and no more Malware……yay!
    -  This reply was modified 6 years, 3 months ago by [dougfatheruk](https://wordpress.org/support/users/dougfatheruk/).

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘SQL Injection’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [sql](https://wordpress.org/support/topic-tag/sql/)

 * 7 replies
 * 4 participants
 * Last reply from: [dougfatheruk](https://wordpress.org/support/users/dougfatheruk/)
 * Last activity: [6 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-22/#post-12261288)
 * Status: resolved