Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Buy New
In stock but may require an extra 1-2 days to process.
Ships from and sold by Amazon.com. Gift-wrap available.
WordPress 3 Ultimate Secu... has been added to your Cart
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

WordPress 3 Ultimate Security Paperback – June 13, 2011

4.6 out of 5 stars 8 customer reviews

See all 3 formats and editions Hide other formats and editions
New from Used from
"Please retry"
"Please retry"
$43.90 $43.89

Excel 2016 For Dummies Video Training
Discover what Excel can do for you with self-paced video lessons from For Dummies. Learn more.
$49.99 FREE Shipping. In stock but may require an extra 1-2 days to process. Ships from and sold by Amazon.com. Gift-wrap available.
click to open popover

Editorial Reviews

From the Author

Hi Amazonians :)

I guess my Preface to the book best sums up why you may need it, so here goes ...

Surf safe,



Most likely, today, some hacker tried to crack your WordPress site, its data and content. Maybe that was just a one-off from some bored kid. Just as likely, it was an automated hit, trying dozens of attacks to find a soft spot. Then again, quite likely it was both.

Whether you've been successfully hacked already, else want some insurance, Welcome.

Let's be frank, up front. Web security has no silver bullet. The threatscape is simply too vast, the vulnerabilities too numerous. Your risk stretches from the keyboard at your fingertips, through and out the back of your local machine, buzzing around its network, maybe through your phone, into the router, hopping across your web surfing, into the remote server, buzzing around that network and jumping all over WordPress.

Gee whiz!

In other words, changing the admin username, mashing a new password, and swapping the table prefix doesn't address much, important as these things are. They, and pretty much all the Top Tips guides, combine limited security with a false sense of security.

Place your bets. Your site, whatever its hosting type, is only as safe as the weakest local-to-remote link, and then some. You can shore up WordPress, and you must, but if some Joe Hacker comes along, physically or technically, and grabs a password from your local machine, else bothers to profile you online, then, a few tools later, I'd back the black hat.

I'm sorry if that scares you. The intention is to emote you, to induce you to read not just Chapter 6 (10 Must-Do WordPress Tasks) plus maybe a bit of 7 (Galvanizing WordPress), but to read the lot. I'll try to keep you awake. That being done, I'm also sorry to break this but that's not it. Security is like dogs and Christmas, it's a life-long deal. Fortunately, even though the hacks get better, your security management gets easier and, maybe this author's just a bit sad but, really, hacking the security war is quite good fun.


Whether you are or not, read Chapter 1 (So What's the Risk?). Then see what you think.

From the Inside Flap

What this book covers

Chapter 1, So What's the Risk? sets the scene by outlining the vulnerabilities of WordPress, both directly and indirectly, coupled with the threats seeking to manipulate those frailties and ultimately helping us to weigh up the risk to our sites and blogs.

Chapter 2, Hack or Be Hacked practises our newly-gained theoretical awareness, giving us the hacker's mindset, the methodology, and the toolkit to flag vulnerabilities with WordPress, its server, its network, and contingent devices.

Chapter 3, Securing the Local Box does just that, taking a potentially flaky working environment and reinforcing it with a best of breed anti-malware solution to give us a solid foundation from where to administer the site.

Chapter 4, Surf Safe plugs us tentatively into the wall, and the web, throwing up the problems we face while pinning down the solutions we need to navigate securely this perilous minefield of malicious intent.

Chapter 5, Login Lock-Down maps out the web's mass transport system, its protocols, directing their correct use for securely delivering data while armour-plating precious destinations such as the Dashboard, the server, and phpMyAdmin.

Chapter 6, 10 Must-Do WordPress Tasks gives the platform teeth by addressing common shortcomings with a heap of tips along the way to secure administration and, also for example, setting up an automated off-server backup system.

Chapter 7, Galvanizing WordPress sets out numerous advanced techniques to defend against hackers, scrapers, and spammers while again advising on a range of admin issues such as a security-assistive local development strategy.

Chapter 8, Containing Content addresses ours, explaining the law and our copyright options, showing how to benefit from managed reuse and setting out tools and strategies to defend, track, and regain control of copy and media.

Chapter 9, Serving Up Security boots us into our site's security-interdependent hosting assessment, demystifying least privilege user and file protection while tracking malicious activity with the correct use of logs.

Chapter 10, Solidifying Unmanaged takes due care to harden server and control panel access, to isolate web and server files, to protect PHP and databases, and to firewall the lot with an extensively tweaked network configuration.

Chapter 11, Defense in Depth fortifies the site and server with kernel and memory patching, a web application firewall, simplified logs management and host-, network- and rootkit-based detection systems.

Appendix A, Plugins for Paranoia is my personal pick of the protective plugin pack, with each and every one thoroughly tested and listed on merit.

Appendix B, Don't Panic! Disaster Recovery sequentially orders a strategy to protect our site users, our reputation, and SEO before finding and rectifying problems to get the site back online in the quickest possible time.

Appendix C, Security Policy provides a working document template setting out a framework strategy to pre-empt and future-proof your ongoing security concerns.

Appendix D, Essential Reference pools security's big gun websites including blogs, forums, hacking tools, organizations and, oddly enough, WordPress resources.
If you buy a new print edition of this book (or purchased one in the past), you can buy the Kindle edition for only $2.99 (Save 84%). Print edition purchase must be sold by Amazon. Learn more.
For thousands of qualifying books, your past, present, and future print-edition purchases now lets you buy the Kindle edition for $2.99 or less. (Textbooks available for $9.99 or less.)
  • Thousands of books are eligible, including current and former best sellers.
  • Look for the Kindle MatchBook icon on print and Kindle book detail pages of qualifying books. You can also see more Kindle MatchBook titles here or look up all of your Kindle MatchBook titles here.
  • Read the Kindle edition on any Kindle device or with a free Kindle Reading App.
  • Print edition must be purchased new and sold by Amazon.com.
  • Gifting of the Kindle edition at the Kindle MatchBook price is not available.
Learn more about Kindle MatchBook.

The latest book club pick from Oprah
"The Underground Railroad" by Colson Whitehead is a magnificent novel chronicling a young slave's adventures as she makes a desperate bid for freedom in the antebellum South. See more

Product Details

  • Paperback: 408 pages
  • Publisher: Packt Publishing (June 13, 2011)
  • Language: English
  • ISBN-10: 1849512108
  • ISBN-13: 978-1849512107
  • Product Dimensions: 8.5 x 0.9 x 11 inches
  • Shipping Weight: 1.6 pounds (View shipping rates and policies)
  • Average Customer Review: 4.6 out of 5 stars  See all reviews (8 customer reviews)
  • Amazon Best Sellers Rank: #2,660,474 in Books (See Top 100 in Books)

Customer Reviews

Top Customer Reviews

Format: Paperback
I have been using WordPress since version 2.5 and when I first heard about this book, I was wondering how the author could fill 240+ pages on securing WordPress.

As many veteran WordPress users know, Automattic, the company that oversees the development of the open source blogging platform, does an excellent job keeping it secure, with regular updates. The problem here is many users think that Automattic does everything to keep WordPress sites secure. Do not fall into this trap. Users have to take responsibility too.

So it came as no surprise that the first four chapters are spent explaining how the bad guys work and how to protect your computer and network. The author covers a broad range of topics from how to secure Windows, Mac, and Linux workstations. He gives advice on where to obtain, install and configure personal firewalls and anti-virus software. He suggests ways to avoid spam and make your web browser safe for browsing.

The chapters on WordPress security are just as informative. He explains how to back up your WordPress site (which you are probably already doing. Right?) How to set up file and user permissions. He explains which WordPress files and features should be disabled or removed to avoid hackers and why you should use SSL, SFTP and hardened shell accounts to access your site.

If your site does get hacked, there is a disaster recovery section that explains how to get your site back online and make sure it doesn't get hacked again.

I am an IT consultant and have worked with PCs in some form since 1982 and built my first website in 1995. I thought I knew a lot about security, but this book taught me many new ways to secure websites and computers. It was a quick read and brought me up to date on the fast changing world of Internet security.

This book can help all users, from WordPress beginners to IT professionals. I recommend reading it to keep both your website and PC/Mac/Linux computer safe.
1 Comment 11 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
As a new web designer/developer, I am really glad to have this book. I came to feel that the author, Olly Connelly, knows what he's talking about and actually wants WordPress users to have a website that is as secure as possible.

And not just WordPress users. This book provides a level of depth and technical detail that any internet security manager would love. There are, in fact, only two chapters (and an Appendix) specific to WordPress. The rest contains techniques, explanations and references that cover the gamut of internet security experience; from your personal computer, through its various links to the web, and on into your server system and website files.

This book is not for the casual WordPress user, although the information in Chapters 6 and 7 is worth the price of the book. Chapter 8 is also invaluable to those of you who care about your written content and search rankings, and want to protect them them from undeserved use.

This book is more for people who have at least a working knowledge of computer and server file systems and a willingness to learn some new vocabulary. It is definitely for internet security novices, and seems to be an excellent resource for pros. Every step of the way, Connelly pays due attention to the different operating systems (Windows, Macs and Linux) including command line access. Having a book full of vested, security-related websites and plugins is certainly worth the cost as well.

Olly Connelly runs a website called vpsbible.com especially for people who are new to managing their own Linux servers. His regard for VPS (Virtual Private Server) shows through in the book and he devotes the last two chapters to heavy duty security for unmanaged hosting solutions.
Read more ›
3 Comments 4 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
If you manage your own WordPress website, you should have this book. If you have someone else manage your WordPress website for you, they should have this book.

WordPress 3 Ultimate Security by Olly Connelly is a comprehensive guide, not just to WordPress security, but to Internet security in general. My initial thought when buying the book was that it would compile a bunch of WordPress-specific security best practices into one concise resource. It does indeed do that, but as it turns out, having a secure WordPress website goes way beyond just securing your WordPress installation. Olly Connelly does a superb job of laying out a comprehensive overview of Internet security to help you set up and maintain a clean WordPress website that is as hacker-resistant as possible, from securing your own personal computer, your access point to the Internet, to your web server and of course the WordPress package itself.

In dealing with recent WordPress hacks, I was left wondering, who are these hackers that have hacked my site and how did they do it? The book starts off with an introduction to the overall threatscape including who the hackers are, including how they work, their basic methodology (reconnaissance, scanning, gain access, secure access, cover tracks) and tools that they use. This is important in being able to assess your risk, which is the result of vulnerability times threat.

After having introduced us to the hackers and their ways, Olly covers securing your own computer, with a detailed analysis of tools and techniques for securing your PC, especially, Windows PCs. In a logical progression he then covers security related to accessing the Internet, including local networks, Wi-Fi and browsers and security related to connecting to your web server.
Read more ›
Comment 4 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Set up an Amazon Giveaway

WordPress 3 Ultimate Security
Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more about Amazon Giveaway
This item: WordPress 3 Ultimate Security