Title: SQL Injections
Last modified: August 31, 2016

---

# SQL Injections

 *  Resolved [gnosis_wp](https://wordpress.org/support/users/gnosis_wordpress/)
 * (@gnosis_wordpress)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/sql-injections-1/)
 * The retina scan on my website suggests SQL injection vulnerabilities on most 
   of the (RSS) feeds from the WordPress install. How to protect the server and 
   installation from such an attack?

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/sql-injections-1/#post-6904255)
 * Where did you find that scan?
 * An RSS feed is read-only, nothing can be injected by it.
 * [https://sitecheck.sucuri.net/](https://sitecheck.sucuri.net/) is a free scanner
   from a company that’s been credible in the community for many years.
 *  Thread Starter [gnosis_wp](https://wordpress.org/support/users/gnosis_wordpress/)
 * (@gnosis_wordpress)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/sql-injections-1/#post-6904282)
 * Can anything be injected via Contact Form 7:
    [https://wordpress.org/plugins/contact-form-7/](https://wordpress.org/plugins/contact-form-7/)
 * Retina said that was a point of vulnerability. However, nothing is written to
   the database via the plugin, only emailed, so this is confusing.
 * Retina is:
    [https://www.beyondtrust.com/products/retina-network-security-scanner/](https://www.beyondtrust.com/products/retina-network-security-scanner/)
 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/sql-injections-1/#post-6904302)
 * Anything that adds to the database is a *point* of vulnerability, but it doesn’t
   mean that it *is* a vulnerability.
 * For example, your front door is a *point* of vulnerability because you *could*
   simply leave it open. It doesn’t mean that you *will* though. 😉
 * Regardless though, I recommend double-checking at [https://wordpress.org/support/plugin/contact-form-7](https://wordpress.org/support/plugin/contact-form-7)
 * Overall though, I’m not sure I trust that scanner. They’re apparently “the security
   industry’s most respected and validated vulnerability assessment tool,” but this
   is the first time I’ve heard of them. Overall it seems that they just excessively
   give red flags to anything that maybe could one day be a vulnerability without
   seeing if it actually is. Under what they’ve reported so far (RSS feeds and Contact
   Forms), you might as well just have a static HTML site. 😉
 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/sql-injections-1/#post-6904303)
 * I should add that we have our own recommended security measures here: [https://codex.wordpress.org/Hardening_WordPress](https://codex.wordpress.org/Hardening_WordPress)
 *  Thread Starter [gnosis_wp](https://wordpress.org/support/users/gnosis_wordpress/)
 * (@gnosis_wordpress)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/sql-injections-1/#post-6904304)
 * Thanks, James. In regards to Retina, our IT folks, super-informed, stand behind
   it. I have always had some issues with the ‘Hardening WordPress’ codex page. 
   I wish it was more prescriptive, especially with file permissions.
 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/sql-injections-1/#post-6904306)
 * You’re welcome!
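
James Huff's distinction above (a database write is a *point* of vulnerability, not automatically *a* vulnerability) shown in code, as an added example that is not from this thread, from WordPress or from Contact Form 7: two constructed contact-form handlers both store submitted text in a table, so both are the same "point", but only the one that pastes input into the SQL string lets the data change the statement; the parameterized one (the `$wpdb->prepare()` pattern in WordPress) stores whatever was typed, quotes included. The table, column names and submissions are assumptions; it runs on an in-memory SQLite database.

```python
import sqlite3

# Constructed schema for a minimal contact-form store (not WordPress's own).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, name TEXT, body TEXT)")
    return conn

def save_unsafe(conn, name, body):
    # Vulnerable: submitted text is pasted into the SQL string, so a quote in the
    # data ends the literal and the rest of the input becomes part of the statement.
    sql = f"INSERT INTO messages (name, body) VALUES ('{name}', '{body}')"
    conn.execute(sql)
    conn.commit()

def save_safe(conn, name, body):
    # Hardened: placeholders keep data and statement separate; the driver never
    # parses the submitted text as SQL. Same "point", no vulnerability.
    conn.execute("INSERT INTO messages (name, body) VALUES (?, ?)", (name, body))
    conn.commit()

def stored_rows(conn):
    return conn.execute("SELECT name, body FROM messages ORDER BY id").fetchall()

def demo():
    # Constructed submission: the name field carries SQL syntax.
    name = "x', 'not what the user typed')--"
    body = "hello"
    unsafe, safe = make_db(), make_db()
    save_unsafe(unsafe, name, body)   # stores ('x', 'not what the user typed')
    save_safe(safe, name, body)       # stores the name verbatim, body 'hello'
    return stored_rows(unsafe), stored_rows(safe)

def handles_apostrophe(saver):
    # A legitimate name such as O'Brien: the unsafe handler fails with a syntax
    # error (a detectable symptom of the defect); the safe one stores it as given.
    conn = make_db()
    try:
        saver(conn, "O'Brien", "hi")
    except sqlite3.OperationalError:
        return False
    return stored_rows(conn) == [("O'Brien", "hi")]

if __name__ == "__main__":
    print(demo())
    print(handles_apostrophe(save_unsafe), handles_apostrophe(save_safe))
```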


The topic ‘SQL Injections’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 6 replies
 * 2 participants
 * Last reply from: [James Huff](https://wordpress.org/support/users/macmanx/)
 * Last activity: [10 years, 4 months ago](https://wordpress.org/support/topic/sql-injections-1/#post-6904306)
 * Status: resolved
