The MySQL server is used for your WordPress website. When an intruder gains access to your WordPress server and all of your Web site data, an SQL injection will take place.
An intruder can create a new user account at the admin level using SQL injection, to log into your WordPress website and have complete access to it. You can also insert new data, including links to malicious websites or spam, into your database with SQL injections.
Many WordPress websites are hosted on Apache servers which have a smart trick to defend against such attacks. Each Apache server has a .htaccess file that defines the website access rules. Adding secure code to the .htaccess lays down a strong set of rules.