How to Prevent SQL Injection in WordPress

Update WordPress
1. Log in to the administrative console for your WordPress blog.
2. Click on the 'Updates' link in the left column of the WordPress administrative interface, just below 'Dashboard' and 'Home,' near the top of the page.

3. Verify that you have the latest version of WordPress installed; if not, install it. Back up your database and WordPress files prior to upgrading, especially if you are going from version 2 to version 3 of the software.
Update WordPress Plugins
4. Log in to the WordPress administrative console and navigate to the 'Plugins' section in the left column.
5. Click on the 'Installed plugins' link, which will take you to the plugin administration interface. Be sure to have the 'Active' tab selected to view the list of plugins that are enabled.
6. Scan down the list for any plugins that indicate an updated version is available.
7. Click the link provided to update any plugins that are out of date.
Practice Good Security
8. Verify any plugin you intend to install is registered with the WordPress.org codex. If a plugin is listed in the codex, the code has received more validation than a random plugin off the Internet.
9. Check the WordPress codex for a feedback rating and indications whether the plugin you intend to install has been reported to work with the latest version of WordPress. Look for highly rated plugins with many reports of compatibility.
10. Check the date of the most recent updates to your selected plugin. You want to ensure that bugs and exploits are going to be addressed in a timely manner. You can also verify developer responsiveness by looking into any issues and solutions that have been reported in the past.
11. Maintain constant vigilance for new potential vectors of attack that may be reported in the future. WordPress and its plugins may have unknown bugs that can be exploited. By keeping abreast of the latest news, you can quickly move to close down possible issues before they are exploited.