Title: Filtering javascript injection
Last modified: June 10, 2020

---

# Filtering javascript injection

 *  Resolved [gwdlarry](https://wordpress.org/support/users/gwdlarry/)
 * (@gwdlarry)
 * [6 years ago](https://wordpress.org/support/topic/filtering-javascript-injection/)
 * Hello there,
    one of our sites has been hacked with javascript redirection code
   injected in the wp_posts.post_content table field. We successfully removed it.
   However, I’m looking for a solution able to block such attacks (I’m already using
   a firewall plugin that seems to let this type of attack through at the moment).
   As any executable javascript code is unwanted in a post, my thought is to filter
   out the sql statement needed for such an attack. I think the statement to filter
   out would look something like `"update wp_posts set post_content=xyz<script ...
   ></script>"` So my question is: would your plugin block such an attack? Thank
   you. Best, Larry.

Viewing 1 replies (of 1 total)

 *  Plugin Author [Jeff Starr](https://wordpress.org/support/users/specialk/)
 * (@specialk)
 * [5 years, 12 months ago](https://wordpress.org/support/topic/filtering-javascript-injection/#post-12967042)
 * Hi Larry,
 * Yes, the `<script` portion of the string would be blocked immediately. No way
   that request would get thru with BBQ (free or pro version). To verify, you can
   install the plugin and try that request yourself. The result: stopped cold.

Viewing 1 replies (of 1 total)

The topic ‘Filtering javascript injection’ is closed to new replies.

 * ![](https://ps.w.org/block-bad-queries/assets/icon-256x256.png?rev=1471770)
 * [BBQ Firewall - Fast & Powerful Firewall Security](https://wordpress.org/plugins/block-bad-queries/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/block-bad-queries/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/block-bad-queries/)
 * [Active Topics](https://wordpress.org/support/plugin/block-bad-queries/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/block-bad-queries/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/block-bad-queries/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Jeff Starr](https://wordpress.org/support/users/specialk/)
 * Last activity: [5 years, 12 months ago](https://wordpress.org/support/topic/filtering-javascript-injection/#post-12967042)
 * Status: resolved