Author: Fahad Mahmood
License: GPL 3. See License below for copyright jots and tittles.
Injection Guard is a wordpress plugin which helps you to get relax about security of your website which can be disturbed by invalid query string based requests. It is much better that if you are using pretty permalinks so you can deny all of the query string parameters straightaway instead of having headache of a list of whitelisted parameters and blacklisted as well. I am a PHP, WordPress developer and i faced a lot of inconvenience regarding keep an eye on security threats related to query strings and user’s activity. Our debugging process demands continuous monitoring to the number of requests and their types. So, I coded a number of fixes for wordpress sites and few of them are in form of articles on my blog.
1- Be in touch with your Google Webmaster Tools.
2- Keep visitng author’s blog for the updates.
sql injection, http injection, site hacked, site hacking, anti hacking, injection guard, hacking
**📌 Log all the unique query strings which are trying to penetrate your website
**📌 Blocked some query parameter
**📌 With an add-on you can ask a free diagnosis for your site
This WordPress Plugin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. This free software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this software. If not, see http://www.gnu.org/licenses/gpl-2.0.html.
To use Injection Guard, you will need:
* an installed and configured copy of [WordPress]
(version 3.0 or later).
* FTP, SFTP or shell access to your web host
Go to your wordpress admin “yoursite.com/wp-admin”
Login and then access “yoursite.com/wp-admin/plugin-install.php?tab=upload
Upload and activate this plugin
Now go to admin menu -> settings -> IG Settings
Click on save settings button.
That’s it, now wait for the magic
Download the Injection Guard installation package and extract the files on
Create a new directory named
Injection Guardin the
directory of your WordPress installation. Use an FTP or SFTP client to
upload the contents of your Injection Guard archive to the new directory
that you just created on your web host.
- Log in to the WordPress Dashboard and activate the Injection Guard plugin.
- Once the plugin is activated, a new IG Settings sub-menu will appear in your WordPress admin -> settings menu.
Does this plugin help in saving SEO effort?
Is it secure? If yes, how?
It immediately senses the unauthorized access through query string and block it immediately. It does not let the page generate a valid content for an invalid request. It saves you from an extreme headache.
What if I am still being hacked?
Make sure that your plugin version is updated because protection and related knowledge is evolving every moment. Keep an eye on invalid requests through query strings you have, either restrict few of them or restrict them all if not required.
YES, if the queries are about WordPress and data security then you are welcome.
It is good if you use support tab or plugin’s author blog. If you want to reach the author immediately then use contact form on his blog.
I am not sure that I configured it properly or not?
Contact plugin author, he might will do on your behalf or will guide you shortly.
- Updated version for pioneer. [Thanks to alianwaar91][11/05/2023]
- Updated version for vulnerable to Broken Access Control. [Thanks to Darius Sveikauskas | Patchstack Alliance overlord][10/05/2023]
- Updated version for WordPress. [07/09/2022]
- Bootstrap, FontAwesome and timestamp based log added. [Thanks to Team Ibulb Work]
- Updating jQuery functions.
- Updating FAQs.
- Languages added. [Thanks to Abu Usman]
- Dashboard refined with customers results.
- Dashboard introduced for registered users activity regarding orders and logins from different locations.
- Sanitized input and fixed direct file access issues.
- Updating a few Illegal string offset conditions. [Thanks to PapGeo]
- Updating a few Illegal string offset conditions.
- Releasing with WP Mechanic free help feature.