SQL Injection and Content Management Systems: What Webmasters Should Know

Content management systems (CMS) are amazing and convenient platforms for creating high-quality, customizable websites in a short amount of time. The leading CMS software projects, WordPress, Joomla, and Drupal, have all built a great deal of useful technology on projects that started out small (for instance, Drupal evolved from a message board). They can be used to readily solve most of the common challenges faced by a fully functioning website. However, because so many sites share that technology, CMS platforms can become targets of well-known attack techniques. One such technique is SQL injection, which has become an especially common headache for WordPress site administrators.

SQL injection is a technique almost as old as databases. SQL can be considered the universal standard language for interacting with databases. It was created with the goal of making it easy to communicate with database systems without the need for programming. It was also made to resemble human language as much as possible (in fact, it was originally called SEQUEL, for Structured English Query Language). However, programmers have often used it to let their programs communicate with databases automatically as well. What often happens is that programmers take shortcuts with SQL that make development easier but leave glaring security holes, and sometimes allow an attacker to insert entire queries into the database that take over the system.
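The following is an added example, not code from the original article. It contrasts the shortcut described above (pasting input into the SQL text) with a bound parameter, using Python and an in-memory SQLite database as a stand-in for a PHP and MySQL stack; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table of CMS posts (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, "
               "author TEXT, title TEXT, status TEXT)")
    db.executemany(
        "INSERT INTO posts (author, title, status) VALUES (?, ?, ?)",
        [("alice", "Welcome", "publish"),
         ("alice", "Unreleased pricing", "draft"),
         ("o'brien", "Hello from Dublin", "publish"),
         ("bob", "Admin notes", "private")])
    return db

def posts_by_author_concat(db, author):
    """The shortcut: user input becomes part of the SQL text itself."""
    sql = ("SELECT title FROM posts WHERE status = 'publish' "
           "AND author = '" + author + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def posts_by_author_bound(db, author):
    """The fix: the SQL text is constant; input travels as a bound value."""
    sql = ("SELECT title FROM posts WHERE status = 'publish' "
           "AND author = ? ORDER BY id")
    return [row[0] for row in db.execute(sql, (author,))]

# Constructed input that carries SQL syntax instead of a plain author name.
CRAFTED = "x' OR '1'='1"

def demo():
    db = make_db()
    results = {
        "concat_normal": posts_by_author_concat(db, "alice"),
        "bound_normal": posts_by_author_bound(db, "alice"),
        # Concatenation lets the input rewrite the WHERE clause, so the
        # status filter is bypassed and draft/private titles come back.
        "concat_crafted": posts_by_author_concat(db, CRAFTED),
        # Bound, the same input is only an odd author name with no posts.
        "bound_crafted": posts_by_author_bound(db, CRAFTED),
        "bound_apostrophe": posts_by_author_bound(db, "o'brien"),
    }
    try:  # A legitimate name with an apostrophe breaks the concatenated SQL.
        results["concat_apostrophe"] = posts_by_author_concat(db, "o'brien")
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A query that fails on an ordinary apostrophe, as the last case does, is a useful signal during code review that input is being concatenated into SQL.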

The popularity of WordPress has made it a common target for injection attacks. It is open source, written in PHP, and uses MySQL as its database. MySQL also happens to be one of the most used and well-known databases, meaning that its vulnerabilities are also well-known. Fortunately, the WordPress open source community generally works hard to provide updates and fixes to all compromised components whenever such a round of attacks occurs. This is why it is essential for a web administrator to keep up with updates to all themes and plugins used to enhance WordPress and other CMS platforms, and to stay informed about the latest fixes needed to keep websites secure.