To get the free app, enter your mobile phone number.
WordPress 3 Ultimate Security Paperback – June 13, 2011
|New from||Used from|
Excel 2016 For Dummies Video Training
Discover what Excel can do for you with self-paced video lessons from For Dummies. Learn more.
Customers Who Viewed This Item Also Viewed
From the Author
I guess my Preface to the book best sums up why you may need it, so here goes ...
Most likely, today, some hacker tried to crack your WordPress site, its data and content. Maybe that was just a one-off from some bored kid. Just as likely, it was an automated hit, trying dozens of attacks to find a soft spot. Then again, quite likely it was both.
Whether you've been successfully hacked already, else want some insurance, Welcome.
Let's be frank, up front. Web security has no silver bullet. The threatscape is simply too vast, the vulnerabilities too numerous. Your risk stretches from the keyboard at your fingertips, through and out the back of your local machine, buzzing around its network, maybe through your phone, into the router, hopping across your web surfing, into the remote server, buzzing around that network and jumping all over WordPress.
In other words, changing the admin username, mashing a new password, and swapping the table prefix doesn't address much, important as these things are. They, and pretty much all the Top Tips guides, combine limited security with a false sense of security.
Place your bets. Your site, whatever its hosting type, is only as safe as the weakest local-to-remote link, and then some. You can shore up WordPress, and you must, but if some Joe Hacker comes along, physically or technically, and grabs a password from your local machine, else bothers to profile you online, then, a few tools later, I'd back the black hat.
I'm sorry if that scares you. The intention is to emote you, to induce you to read not just Chapter 6 (10 Must-Do WordPress Tasks) plus maybe a bit of 7 (Galvanizing WordPress), but to read the lot. I'll try to keep you awake. That being done, I'm also sorry to break this but that's not it. Security is like dogs and Christmas, it's a life-long deal. Fortunately, even though the hacks get better, your security management gets easier and, maybe this author's just a bit sad but, really, hacking the security war is quite good fun.
Whether you are or not, read Chapter 1 (So What's the Risk?). Then see what you think.
From the Inside Flap
Chapter 1, So What's the Risk? sets the scene by outlining the vulnerabilities of WordPress, both directly and indirectly, coupled with the threats seeking to manipulate those frailties and ultimately helping us to weigh up the risk to our sites and blogs.
Chapter 2, Hack or Be Hacked practises our newly-gained theoretical awareness, giving us the hacker's mindset, the methodology, and the toolkit to flag vulnerabilities with WordPress, its server, its network, and contingent devices.
Chapter 3, Securing the Local Box does just that, taking a potentially flaky working environment and reinforcing it with a best of breed anti-malware solution to give us a solid foundation from where to administer the site.
Chapter 4, Surf Safe plugs us tentatively into the wall, and the web, throwing up the problems we face while pinning down the solutions we need to navigate securely this perilous minefield of malicious intent.
Chapter 5, Login Lock-Down maps out the web's mass transport system, its protocols, directing their correct use for securely delivering data while armour-plating precious destinations such as the Dashboard, the server, and phpMyAdmin.
Chapter 6, 10 Must-Do WordPress Tasks gives the platform teeth by addressing common shortcomings with a heap of tips along the way to secure administration and, also for example, setting up an automated off-server backup system.
Chapter 7, Galvanizing WordPress sets out numerous advanced techniques to defend against hackers, scrapers, and spammers while again advising on a range of admin issues such as a security-assistive local development strategy.
Chapter 8, Containing Content addresses ours, explaining the law and our copyright options, showing how to benefit from managed reuse and setting out tools and strategies to defend, track, and regain control of copy and media.
Chapter 9, Serving Up Security boots us into our site's security-interdependent hosting assessment, demystifying least privilege user and file protection while tracking malicious activity with the correct use of logs.
Chapter 10, Solidifying Unmanaged takes due care to harden server and control panel access, to isolate web and server files, to protect PHP and databases, and to firewall the lot with an extensively tweaked network configuration.
Chapter 11, Defense in Depth fortifies the site and server with kernel and memory patching, a web application firewall, simplified logs management and host-, network- and rootkit-based detection systems.
Appendix A, Plugins for Paranoia is my personal pick of the protective plugin pack, with each and every one thoroughly tested and listed on merit.
Appendix B, Don't Panic! Disaster Recovery sequentially orders a strategy to protect our site users, our reputation, and SEO before finding and rectifying problems to get the site back online in the quickest possible time.
Appendix C, Security Policy provides a working document template setting out a framework strategy to pre-empt and future-proof your ongoing security concerns.
Appendix D, Essential Reference pools security's big gun websites including blogs, forums, hacking tools, organizations and, oddly enough, WordPress resources.
If you buy a new print edition of this book (or purchased one in the past), you can buy the Kindle edition for only $2.99 (Save 84%). Print edition purchase must be sold by Amazon. Learn more.
For thousands of qualifying books, your past, present, and future print-edition purchases now lets you buy the Kindle edition for $2.99 or less. (Textbooks available for $9.99 or less.)
Top Customer Reviews
As many veteran WordPress users know, Automattic, the company that oversees the development of the open source blogging platform, does an excellent job keeping it secure, with regular updates. The problem here is many users think that Automattic does everything to keep WordPress sites secure. Do not fall into this trap. Users have to take responsibility too.
So it came as no surprise that the first four chapters are spent explaining how the bad guys work and how to protect your computer and network. The author covers a broad range of topics from how to secure Windows, Mac, and Linux workstations. He gives advice on where to obtain, install and configure personal firewalls and anti-virus software. He suggests ways to avoid spam and make your web browser safe for browsing.
The chapters on WordPress security are just as informative. He explains how to back up your WordPress site (which you are probably already doing. Right?) How to set up file and user permissions. He explains which WordPress files and features should be disabled or removed to avoid hackers and why you should use SSL, SFTP and hardened shell accounts to access your site.
If your site does get hacked, there is a disaster recovery section that explains how to get your site back online and make sure it doesn't get hacked again.
I am an IT consultant and have worked with PCs in some form since 1982 and built my first website in 1995. I thought I knew a lot about security, but this book taught me many new ways to secure websites and computers. It was a quick read and brought me up to date on the fast changing world of Internet security.
This book can help all users, from WordPress beginners to IT professionals. I recommend reading it to keep both your website and PC/Mac/Linux computer safe.
And not just WordPress users. This book provides a level of depth and technical detail that any internet security manager would love. There are, in fact, only two chapters (and an Appendix) specific to WordPress. The rest contains techniques, explanations and references that cover the gamut of internet security experience; from your personal computer, through its various links to the web, and on into your server system and website files.
This book is not for the casual WordPress user, although the information in Chapters 6 and 7 is worth the price of the book. Chapter 8 is also invaluable to those of you who care about your written content and search rankings, and want to protect them them from undeserved use.
This book is more for people who have at least a working knowledge of computer and server file systems and a willingness to learn some new vocabulary. It is definitely for internet security novices, and seems to be an excellent resource for pros. Every step of the way, Connelly pays due attention to the different operating systems (Windows, Macs and Linux) including command line access. Having a book full of vested, security-related websites and plugins is certainly worth the cost as well.
Olly Connelly runs a website called vpsbible.com especially for people who are new to managing their own Linux servers. His regard for VPS (Virtual Private Server) shows through in the book and he devotes the last two chapters to heavy duty security for unmanaged hosting solutions.Read more ›
WordPress 3 Ultimate Security by Olly Connelly is a comprehensive guide, not just to WordPress security, but to Internet security in general. My initial thought when buying the book was that it would compile a bunch of WordPress-specific security best practices into one concise resource. It does indeed do that, but as it turns out, having a secure WordPress website goes way beyond just securing your WordPress installation. Olly Connelly does a superb job of laying out a comprehensive overview of Internet security to help you set up and maintain a clean WordPress website that is as hacker-resistant as possible, from securing your own personal computer, your access point to the Internet, to your web server and of course the WordPress package itself.
In dealing with recent WordPress hacks, I was left wondering, who are these hackers that have hacked my site and how did they do it? The book starts off with an introduction to the overall threatscape including who the hackers are, including how they work, their basic methodology (reconnaissance, scanning, gain access, secure access, cover tracks) and tools that they use. This is important in being able to assess your risk, which is the result of vulnerability times threat.
After having introduced us to the hackers and their ways, Olly covers securing your own computer, with a detailed analysis of tools and techniques for securing your PC, especially, Windows PCs. In a logical progression he then covers security related to accessing the Internet, including local networks, Wi-Fi and browsers and security related to connecting to your web server.Read more ›
Most Recent Customer Reviews
Many, many very good ideas and tactics for WordPress security. Good intro to application security overall (it's a big, bad internet out there!)Published 13 months ago by Khabir
As a whole, the book is excellent. I was looking for more specific information about Comodo and how it works. In general, it looks like a 5 star book.Published on April 3, 2014 by Larry Shoemaker
WordPress 3 ULTIMATE SECURITY: Olly Connelly the one and only life saver and mastermind behind VPSBible.com. I bought a Linode. Read morePublished on August 24, 2012 by BlackvFace
great book. well written, easy to understand. I learned so many new things. It covers all sorts of IT security, not just wordpress. Read morePublished on March 10, 2012 by ale1964