Adsense begin serving irrelevant ads to my blog. Adsense support told me that those are caused by keywords planted to my blog. So I re-install my wordpress. But irrelevant as keep coming. So I guess someone already inject keywords to my SQL database. Is that possible ? If it is, then how can I remove those planted keywords ?
My blog is about laptop and cellphone. but all ads shown on my blog are health related ads like cod liver oil, losing fat etc.
yeah check the html code. it would help if you posted the url, so experienced members could help you on that.
If you allow user generated content (e.g. comments) then your content will get fuzzy as far as the adsense bot can determine. If you know which section of your page is relevant or which section of your page is irrelevant then you can use Adsense Section Targetting. https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168
You may also track the ip address from which the posting is done, so that you may block those ip address with irrelevent posts.
Keep your wordpress updated to the latest version always. Check the theme you are using, that could be the culprit.
Depends on what code your site is written in... protecting your input variables in PHP with mysql_real_escape_string() function is a good start
Or you might look into parameter binding, most DB libraries support something like this. With parameter binding you never pass your unsafe variable directly into an query, they are supplied using the parameter binding facilities. Any variable input in your query will be marked with an "(questionmark). Then you bind a programming variable to that question mark (properly escaping behind the scenes your data for your output domain e.q. Mysql or Postgresql ) Execute your query. It looks more complex but in the end it creates code that is more attack resistant.
If its your server you might want to install dotdefender to protect your website from sql injection attacks and many more of them. I discover this by finding out I was injected with the asprox silent defacement attack that actually changed my database data and not the front end of the site.
use mysql_real_escape_string() to filter the GET and POST. Further ask your host to install mod-security.
I don't think the cause for your problem is a SQL injection attack. I mean its very hard to inject keywords through a wordpress blog using SQL injection. However please recheck is there any door open for an SQL injection, for example your SQL queries.