Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Other Sellers on Amazon
+ Free Shipping
+ $3.99 shipping
+ Free Shipping
WordPress 3 Ultimate Security Paperback – June 13, 2011
|New from||Used from|
See the Best Books of 2018 So Far
Looking for something great to read? Browse our editors' picks for the best books of the year so far in fiction, nonfiction, mysteries, children's books, and much more.
From the Author
Hi Amazonians :)
I guess my Preface to the book best sums up why you may need it, so here goes ...
Most likely, today, some hacker tried to crack your WordPress site, its data and content. Maybe that was just a one-off from some bored kid. Just as likely, it was an automated hit, trying dozens of attacks to find a soft spot. Then again, quite likely it was both.
Whether you've been successfully hacked already, else want some insurance, Welcome.
Let's be frank, up front. Web security has no silver bullet. The threatscape is simply too vast, the vulnerabilities too numerous. Your risk stretches from the keyboard at your fingertips, through and out the back of your local machine, buzzing around its network, maybe through your phone, into the router, hopping across your web surfing, into the remote server, buzzing around that network and jumping all over WordPress.
In other words, changing the admin username, mashing a new password, and swapping the table prefix doesn't address much, important as these things are. They, and pretty much all the Top Tips guides, combine limited security with a false sense of security.
Place your bets. Your site, whatever its hosting type, is only as safe as the weakest local-to-remote link, and then some. You can shore up WordPress, and you must, but if some Joe Hacker comes along, physically or technically, and grabs a password from your local machine, else bothers to profile you online, then, a few tools later, I'd back the black hat.
I'm sorry if that scares you. The intention is to emote you, to induce you to read not just Chapter 6 (10 Must-Do WordPress Tasks) plus maybe a bit of 7 (Galvanizing WordPress), but to read the lot. I'll try to keep you awake. That being done, I'm also sorry to break this but that's not it. Security is like dogs and Christmas, it's a life-long deal. Fortunately, even though the hacks get better, your security management gets easier and, maybe this author's just a bit sad but, really, hacking the security war is quite good fun.
Whether you are or not, read Chapter 1 (So What's the Risk?). Then see what you think.
From the Inside Flap
What this book covers
Chapter 1, So What's the Risk? sets the scene by outlining the vulnerabilities of WordPress, both directly and indirectly, coupled with the threats seeking to manipulate those frailties and ultimately helping us to weigh up the risk to our sites and blogs.
Chapter 2, Hack or Be Hacked practises our newly-gained theoretical awareness, giving us the hacker's mindset, the methodology, and the toolkit to flag vulnerabilities with WordPress, its server, its network, and contingent devices.
Chapter 3, Securing the Local Box does just that, taking a potentially flaky working environment and reinforcing it with a best of breed anti-malware solution to give us a solid foundation from where to administer the site.
Chapter 4, Surf Safe plugs us tentatively into the wall, and the web, throwing up the problems we face while pinning down the solutions we need to navigate securely this perilous minefield of malicious intent.
Chapter 5, Login Lock-Down maps out the web's mass transport system, its protocols, directing their correct use for securely delivering data while armour-plating precious destinations such as the Dashboard, the server, and phpMyAdmin.
Chapter 6, 10 Must-Do WordPress Tasks gives the platform teeth by addressing common shortcomings with a heap of tips along the way to secure administration and, also for example, setting up an automated off-server backup system.
Chapter 7, Galvanizing WordPress sets out numerous advanced techniques to defend against hackers, scrapers, and spammers while again advising on a range of admin issues such as a security-assistive local development strategy.
Chapter 8, Containing Content addresses ours, explaining the law and our copyright options, showing how to benefit from managed reuse and setting out tools and strategies to defend, track, and regain control of copy and media.
Chapter 9, Serving Up Security boots us into our site's security-interdependent hosting assessment, demystifying least privilege user and file protection while tracking malicious activity with the correct use of logs.
Chapter 10, Solidifying Unmanaged takes due care to harden server and control panel access, to isolate web and server files, to protect PHP and databases, and to firewall the lot with an extensively tweaked network configuration.
Chapter 11, Defense in Depth fortifies the site and server with kernel and memory patching, a web application firewall, simplified logs management and host-, network- and rootkit-based detection systems.
Appendix A, Plugins for Paranoia is my personal pick of the protective plugin pack, with each and every one thoroughly tested and listed on merit.
Appendix B, Don't Panic! Disaster Recovery sequentially orders a strategy to protect our site users, our reputation, and SEO before finding and rectifying problems to get the site back online in the quickest possible time.
Appendix C, Security Policy provides a working document template setting out a framework strategy to pre-empt and future-proof your ongoing security concerns.
Appendix D, Essential Reference pools security's big gun websites including blogs, forums, hacking tools, organizations and, oddly enough, WordPress resources.
Top customer reviews
There was a problem filtering reviews right now. Please try again later.
As many veteran WordPress users know, Automattic, the company that oversees the development of the open source blogging platform, does an excellent job keeping it secure, with regular updates. The problem here is many users think that Automattic does everything to keep WordPress sites secure. Do not fall into this trap. Users have to take responsibility too.
So it came as no surprise that the first four chapters are spent explaining how the bad guys work and how to protect your computer and network. The author covers a broad range of topics from how to secure Windows, Mac, and Linux workstations. He gives advice on where to obtain, install and configure personal firewalls and anti-virus software. He suggests ways to avoid spam and make your web browser safe for browsing.
The chapters on WordPress security are just as informative. He explains how to back up your WordPress site (which you are probably already doing. Right?) How to set up file and user permissions. He explains which WordPress files and features should be disabled or removed to avoid hackers and why you should use SSL, SFTP and hardened shell accounts to access your site.
If your site does get hacked, there is a disaster recovery section that explains how to get your site back online and make sure it doesn't get hacked again.
I am an IT consultant and have worked with PCs in some form since 1982 and built my first website in 1995. I thought I knew a lot about security, but this book taught me many new ways to secure websites and computers. It was a quick read and brought me up to date on the fast changing world of Internet security.
This book can help all users, from WordPress beginners to IT professionals. I recommend reading it to keep both your website and PC/Mac/Linux computer safe.
And not just WordPress users. This book provides a level of depth and technical detail that any internet security manager would love. There are, in fact, only two chapters (and an Appendix) specific to WordPress. The rest contains techniques, explanations and references that cover the gamut of internet security experience; from your personal computer, through its various links to the web, and on into your server system and website files.
This book is not for the casual WordPress user, although the information in Chapters 6 and 7 is worth the price of the book. Chapter 8 is also invaluable to those of you who care about your written content and search rankings, and want to protect them them from undeserved use.
This book is more for people who have at least a working knowledge of computer and server file systems and a willingness to learn some new vocabulary. It is definitely for internet security novices, and seems to be an excellent resource for pros. Every step of the way, Connelly pays due attention to the different operating systems (Windows, Macs and Linux) including command line access. Having a book full of vested, security-related websites and plugins is certainly worth the cost as well.
Olly Connelly runs a website called vpsbible.com especially for people who are new to managing their own Linux servers. His regard for VPS (Virtual Private Server) shows through in the book and he devotes the last two chapters to heavy duty security for unmanaged hosting solutions. Most websites are run on shared servers, though, and he explains the differences and the pros and cons quite well in Chapter 9.
I personally enjoyed learning the names of the different sorts of hackers and crackers out there. In the first few chapters, he describes them, the risks (and benefits!) they provide and what you can do as a "white hat" hacker to find out just how vulnerable your systems are.
If I have any complaint about the book, it is the `overly youthful' language. Or is that overly geekish? There is, for example, not a single use of the word "or" in the book; it's been replaced with the programming word "else." This is either too clever, or I have lived long enough to be witnessing dramatic changes in our living language.
PACKT Publishing is a publisher of the open source community experience and provides the kind of support for its products that I've come to expect of modern day publishers. There are e-versions of the book, online errata and updates as well as code available for your use. All in all I'm very impressed and can easily recommend WordPress 3 Ultimate Security.