SQL injection is a very popular technique to hack into database of a website by using incorrect user input with unescaped characters. It occurs when developer designs a bad database layer for an application. In WordPress, the database layer is $wpdb class, which is well-designed for this purpose. This class and WordPress itself have some built-in functions to help developers get rid of any SQL injection attack.