WordPress 3 Ultimate Security

WordPress 3 Ultimate Security
eBook: $29.99
Formats: PDF, PacktLib, ePub and Mobi formats
save 15%!
Print + free eBook + free PacktLib access to the book: $79.98    Print cover: $49.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Table of Contents
Sample Chapters
  • Know the risks, think like a hacker, use their toolkit, find problems first – and kick attacks into touch
  • Lock down your entire network from the local PC and web connection to the server and WordPress itself
  • Find out how to back up and secure your content and, when it's scraped, know what to do to enforce your copyright
  • Understand disaster recovery and use the best-of-breed tools, code, modules, techniques, and plugins to insure against attacks
  • Learn fast with this easy-read, jargon-light book jam-packed with copy-paste solutions to suit all levels

Book Details

Language : English
Paperback : 408 pages [ 235mm x 191mm ]
Release Date : June 2011
ISBN : 1849512108
ISBN 13 : 9781849512107
Author(s) : Olly Connelly
Topics and Technologies : All Books, CMS and eCommerce, Security and Testing, Content Management (CMS), Open Source, PHP, WordPress

Table of Contents

Chapter 1: So What's the Risk?
Chapter 2: Hack or Be Hacked
Chapter 3: Securing the Local Box
Chapter 4: Surf Safe
Chapter 5: Login Lock-Down
Chapter 6: 10 Must-Do WordPress Tasks
Chapter 7: Galvanizing WordPress
Chapter 8: Containing Content
Chapter 9: Serving Up Security
Chapter 10: Solidifying Unmanaged
Chapter 11: Defense in Depth
Appendix A: Plugins for Paranoia
Appendix B: Don't Panic! Disaster Recovery
Appendix C: Security Policy
Appendix D: Essential Reference
  • Chapter 1: So What's the Risk?
    • Calculated risk
    • An overview of our risk
    • Meet the hackers
      • White hat
      • Black hat
        • Botnets
        • Cybercriminals
        • Hacktivists
        • Scrapers
        • Script kiddies
        • Spammers
        • Misfits
      • Grey hat
      • Hackers and crackers
    • Physically hacked off
    • Social engineering
      • Phone calls
      • Walk-ins
      • Enticing URLs
      • Phishing
      • Social networking (and so on)
      • Protecting against social engineering
    • Weighing up Windows, Linux, and Mac OS X
      • The deny-by-default permission model
      • The open source advantage
      • System security summary
    • Malwares dissected
      • Blended threats
      • Crimeware
      • Data loggers
        • At loggerheads with the loggers
      • Hoax virus
      • Rootkits
      • Spyware
      • Trojan horses
      • Viruses
      • Worms
      • Zero day
    • World wide worry
      • Old browser (and other app) versions
      • Unencrypted traffic
      • Dodgy sites, social engineering, and phish food
      • Infected public PCs
      • Sniffing out problems with wireless
      • Wireless hotspots
        • Evil twins
      • Ground zero
    • Overall risk to the site and server
      • Physical server vulnerabilities
      • Open ports with vulnerable services
      • Access and authentication issues
        • Buffer overflow attacks
        • Intercepting data with man-in-the-middle attacks
        • Cracking authentication with password attacks
        • The many dangers of cross-site scripting (XSS)
        • Assorted threats with cross-site request forgery (CSRF)
        • Accessible round-up
      • Lazy site and server administration
        • Vulnerable versions
        • Redundant files
        • Privilege escalation and jailbreak opportunities
        • Unchecked information leak
      • Content theft, SEO pillaging, and spam defacement
        • Scraping and media hotlinking
        • Damn spam, rants, and heart attacks
    • Summary
    • Chapter 2: Hack or Be Hacked
      • Introducing the hacker's methodology
        • Reconnaissance
        • Scanning
        • Gain access
        • Secure access
        • Cover tracks
      • Ethical hacking vs. doing time
      • The reconnaissance phase
        • What to look for
        • How to look for it
          • Google hacking
          • More on Google hacking
        • Scouting-assistive applications
        • Hacking Google hacking with SiteDigger
        • WHOIS whacking
      • Demystifying DNS
        • Resolving a web address
      • Domain name security
      • The scanning phase
        • Mapping out the network
          • Nmap: the Network Mapper
          • Secondary scanners
        • Scanning for server vulnerabilities
          • Nessus
          • OpenVAS
          • GFI Languard
          • Qualys
          • NeXpose and Metasploit
        • Scanning for web vulnerabilities
          • Wikto
          • Paros Proxy
          • HackerTarget
          • Alternative tools
        • Hack packs
      • Summary
      • Chapter 3: Securing the Local Box
        • Breaking Windows: considering alternatives
        • Windows security services
          • Security or Action Center
          • Windows Firewall
          • Windows Update
          • Internet Options
          • Windows Defender
          • User Account Control
            • Configuring UAC in Vista
            • Configuring UAC in Windows 7
            • Disabling UAC at the registry (Vista and 7)
            • UAC problems with Vista Home and Premium
        • Proactive about anti-malware
          • The reactionary old guard: detection
            • Regular antivirus scanners
          • The proactive new guard: prevention
        • The almost perfect anti-malware solution
          • Comodo Internet Security (CIS)
            • Comodo Firewall
            • Comodo Antivirus
            • Comodo Defense+ (HIPS) and sandbox
          • Pick 'n mix anti-malware modules
          • Firewall with ZoneAlarm
          • Antivirus with Avira AntiVir
          • HIPS + sandbox + firewall with DefenseWall
          • Behavior scanning with ThreatFire
            • Updating ThreatFire
            • Sensitivity Level
            • System Activity Monitor
          • Multiple sandboxes with Sandboxie
          • Advanced sandboxing (and more) with virtual machines
          • Rootkit detection with GMER and RootRepeal
          • Malware cleaning with Malwarebytes
          • Anti-malware product summary
          • Prevention models and user commitment
        • Windows user accounts
          • XP user accounts
          • Vista and Windows 7 user accounts
        • Managing passwords and sensitive data
          • Proper passphrase policy
          • Password and data managers
            • Web browser data managers
            • Future-proofed data management
            • Why LastPass?
            • Setting up LastPass
            • Passed out? That's it!
        • Securing data and backup solutions
          • Have separate data drives
          • Encrypting hard drives
          • Automated incremental backup
          • Registry backup
        • Programming a safer system
          • Patching the system and programs
          • Binning unwanted software
          • Disabling clutter and risky Windows services
          • Disabling XP's Simple File Sharing
        • Summary
        • Chapter 4: Surf Safe
          • Look (out), no wires
            • Alt: physical cable connection
            • The wireless management utility
            • Securing wireless
              • Router password
              • Changing the SSID
              • Hiding the SSID
              • WEP vs. WPA vs. WPA2
              • WPA2 with AES
              • AES vs. TKIP
            • Wireless authentication key
            • Optional: MAC address filtering
            • Summing up wireless
          • Network security re-routed
            • Swapping firmware
          • Using public computers – it can be done
            • Booting a Preinstalled Environment (PE)
            • Secure your browsing
            • Online applications
            • Portable applications
            • Advanced data management and authentication
            • Covering your tracks
            • Checking external media
          • Hotspotting Wi-Fi
            • Hardening the firewall
            • Quit sharing
            • Disabling automatic network detection
            • Alternative document storage
            • Encrypted tunnelling with a Virtual Private Network
          • E-mailing clients and webmail
            • Remote webmail clients (and other web applications)
              • Encrypted webmail
              • Checking your encryption type
              • Better webmail solutions
              • Logging out
            • Local software clients
              • Keeping the client updated
              • Instant scanning
              • Sandboxing clients
            • Local and remote clients
              • Plain text or HTML
              • E-mail encryption and digital signatures with PGP
              • Your e-mail addresses
              • Don't become phish food
              • Beware of spoof addresses
            • Damn spam
              • SpamAssassin Trainer
          • Browsers, don't lose your trousers
            • Latest versions
            • Internet Explorer (IE)
            • Isolating older browsers
            • Browsers and security
            • Chrome's USPs (for good and very bad)
            • Chrome outfoxed
            • Firefox security settings
              • The password manager
            • Extending security
              • Ad and cookie cullers
              • FEBE *
              • LastPass *
              • Locationbar²
              • Lock The Text
              • Anti-scripting attacks
              • SSL certificate checks
              • Web of Trust (WOT) *
          • Anonymous browsing
            • Locally private browsing
            • Online private browsing
              • Anonymous proxy server
              • Chained proxies
              • SSL proxies and Virtual Private Networks (VPNs)
              • Corporate and private VPNs
              • Private SOCKS proxy with SSH
          • Networking, friending, and info leak
            • Third party apps and short links
          • Summary
          • Chapter 5: Login Lock-Down
            • Sizing up connection options
              • Protocol soup
            • WordPress administration with SSL
              • SSL for shared hosts
                • Shared, server-wide certificates
                • Dedicated, domain-specific certificates
              • SSL for VPS and dedicated servers
                • Creating a self-signed certificate
                • Using a signed certificate
              • Testing SSL and insecure pages
              • SSL reference
            • SSL and login plugins
            • Locking down indirect access
              • Server login
                • Hushing it up with SSH
                • Shared hosting SSH request
                • Setting up the terminal locally
                • Securing the terminal
              • SFTP not FTP
                • SFTP from the command line
                • SFTP using S/FTP clients
                • Connecting up a client
              • phpMyAdmin login
                • Safer database administration
              • Control panel login
            • Apache modules
              • IP deny with mod_access
                • What is my IP?
                • IP spoofing
              • Password protect directories
                • cPanel's Password Protect Directories
              • Authentication with mod_auth
                • The htaccess file
                • The passwd file
                • Creating and editing password files
                • Creating group membership
                • Basically, it's basic
              • Better passwords with mod_auth_digest
                • Easily digestible groups
              • More authentication methods
                • mod_auth_db and mod_auth_dbm
                • mod_auth_mysql
                • mod_auth_pg95
              • Yet more authentication methods
            • Summary
            • Chapter 6: 10 Must-Do WordPress Tasks
              • Locking it down
              • Backing up the lot
                • Prioritizing backup
                • Full, incremental and differential
                • How and where to backup
                  • Backing up db + files on the web server
                  • Backing up db + files by your web host
                  • Backing up db to (web)mail
                  • Backing up db and/or files to cloud storage
                  • Backing up files for local Windows users
                  • Backing up a database to local machines
                  • Files and db backup for local Mac 'n Linux users
                  • Backing up backup!
              • Updating shrewdly
                • Think, research, update
                • Dry run updates
                • Updating plugins, widgets and other code
                • The new update panel
              • Neutering the admin account
                • The problem with admin
                • Deleting admin
                • OK, don't delete admin!
                • Creating privileged accounts
                  • Private account names and nicknames
                  • Least privilege users
                  • Custom roles
                • Denying subscriptions
              • Correcting permissions creep
                • Pruning permissions at the terminal
                • Restyling perms with a control panel
                • 777 permissions
                • wp-config.php permissions
              • Hiding the WordPress version
                • Binning the readme
                • Cloaking the login page and the version
                • Silver bullets won't fly
              • Nuking the wp_ tables prefix
                • Backing up the database
                • Automated prefix change
                  • Manual prefix change
                • Installing WordPress afresh
              • Setting up secret keys
              • Denying access to wp-config.php
              • Hardening wp-content and wp-includes
                • Extra rules for wp-include's htaccess
                • Extra rules for wp-content's htaccess
              • Summary
              • Chapter 7: Galvanizing WordPress
                • Fast installs with Fantastico ... but is it?
                • Considering a local development server
                  • Using a virtual machine
                • Added protection for wp-config.php
                  • Moving wp-config.php above the WordPress root
                    • Less value for non-root installations
                • WordPress security by ultimate obscurity
                  • Just get on with it
                  • Introducing remove_actions
                    • Blog client references
                    • Feed references
                    • Relational links
                  • Linking relationships thingy
                  • Stylesheet location
                  • Renaming and migrating wp-content
                  • The problem with plugins
                  • The other problem with plugins
                  • Yet another problem with those pesky plugins
                  • Default jQuery files
                  • Themes and things
                  • "Just another WordPress blog"
                  • Ultimate security by obscurity: worth it?
                • Revisiting the htaccess file
                  • Blocking comment spam
                  • Limiting file upload size
                  • Hotlink protection
                  • Protecting files
                  • Hiding the server signature
                  • Protecting the htaccess file
                    • Hiding htaccess files
                    • Ensuring correct permissions
                    • Adding a deny rule
                • Good bot, bad bot
                  • Bot what?
                  • Good bot
                  • Bad bot
                    • Bots blitzkrieg
                  • Snaring the bots
                    • Short circuiting bots with htaccess
                    • Bots to trot
                    • Honey pots
                • Setting up an antimalware suite
                  • Firewall
                  • AntiVirus
                • More login safeguards
                  • Limit Login Attempts
                  • Scuttle log-in errors
                • Concerning code
                  • Deleting redundant code
                  • Scrutinize widgets, plugins and third party code
                  • Ditto for themes
                  • Running malware scans and checking compatibility
                  • Routing rogue plugins
                • Hiding your files
                • Summary
                • Chapter 8: Containing Content
                  • Abused, fair use and user-friendly
                    • Scraping and swearing
                      • The problem with scrapers
                    • Fair play to fair use
                    • Illegality vs. benefit
                    • A nice problem to have (or better still to manage)
                  • Sharing and collaboration
                    • Sack lawyers, employ creative commons
                    • Site and feed licensing
                  • Protecting content
                  • Pre-emptive defense
                    • Backlink bar none
                      • Tweaking the title
                      • Linking lead content
                      • Reasserting with reference
                    • Binning the bots
                    • Coining a copyright notice
                    • Fielding your feeds
                      • Adding a digi-print footer
                      • Showing only summaries
                    • Preventing media hotlinks
                    • Refusing right-clicks
                    • Watermarking your media
                  • Reactive response
                    • Seeking out scrapers
                      • Investigating the Dashboard
                      • Investigating the site and server log
                      • Online investigation
                      • Pinpointing scrapers
                  • Tackling offenders
                    • The cordial approach
                    • The DMCA approach
                    • The jugular approach
                    • The legal approach
                      • Finding the abuse department
                  • Summary
                  • Chapter 9: Serving Up Security
                    • .com blogs vs .org sites
                    • Host type analysis
                      • Choices choices ...
                      • Querying support and community
                      • Questions to ask hosting providers
                    • Control panels and terminals
                      • Safe server access
                      • Understanding the terminal
                        • Elevating to superuser permissions
                      • Setting up a panel
                    • Managing unmanaged with Webmin
                      • Installing Webmin
                      • Securing Webmin
                    • Users, permissions, and dangers
                      • Files and users
                      • Ownership and permissions
                        • Translating symbolic to octal notation
                        • Using change mode to modify permissions
                        • Using change owner to modify ownership
                    • Sniffing out dangerous permissions
                      • Suspect hidden files and directories
                      • Protecting world-writable files
                      • Scrutinising SUID and SGID files (aka SxID files)
                        • Keeping track of changes with SXID
                        • Cronning SXID
                    • System users
                      • Shared human accounts
                      • Administrative accounts
                      • Deleting user accounts
                      • Home directory permissions
                      • User access
                      • Non-human accounts
                    • Repositories, packages, and integrity
                      • Verifying genuine software
                        • MD5 checksums
                        • GnuPG cryptographic signatures
                    • Tracking suspect activity with logs
                      • Reading the Common Log Format (CLF)
                        • What visitor
                        • What file
                        • From where
                        • What client
                      • Exercising the logged data
                        • Chicken and egg with logging plugins
                        • Legwork for access logs
                      • Logs and hosting types
                        • Checking the authorization log
                      • Securing and parsing logs
                        • Enabling logs
                        • Dynamic logs
                        • Off-site logging
                        • Log permissions
                    • Summary
                    • Chapter 10: Solidifying Unmanaged
                      • Hardening the Secure Shell
                        • Protocol 2
                        • Port 22
                        • PermitRootLogin yes
                        • PasswordAuthentication yes
                        • AllowUsers USERNAME
                        • Reloading SSH
                      • chrooted SFTP access with OpenSSH
                        • Binning the FTP service and firewalling the port
                        • Providing a secure workspace
                        • Deleting users safely
                      • PHP's .ini mini guide
                        • Locating your configuration options
                        • Making .ini a meany
                          • open_basedir
                      • Patching PHP with Suhosin
                        • Installing Suhosin
                      • Isolating risk with SuPHP
                        • Installing SuPHP
                        • Alternatives to SuPHP
                      • Containing MySQL databases
                        • Checking for empty passwords
                        • Deleting the test database
                        • Remote db connections with an SSH tunnel
                      • phpMyAdmin: friend or foe?
                        • Did we mention backup?
                      • Bricking up the doors
                        • Ports 101
                      • Fired up on firewalls
                        • Bog-standard iptables firewall
                          • Adding the firewall to the network
                          • Quitting superuser
                          • Reference for iptables
                      • Enhancing usability with CSF
                        • Installing CSF
                        • CSF as a control panel module
                        • Setting up the firewall
                        • Error on stopping the firewall
                        • CSF from the command line
                        • Using CSF to scan for system vulnerabilities
                      • Service or disservice?
                        • Researching services with Netstat
                        • Preparing to remove services
                        • Researching services
                        • inetd and xinetd super-servers
                        • Service watch
                        • Disabling services using a service manager
                          • Using sysv-rc-conf
                        • Deleting unsafe services with harden-servers
                        • Closing the port
                      • Gatekeeping with TCP wrappers
                      • Stockier network stack
                      • Summary
                      • Chapter 11: Defense in Depth
                        • Hardening the kernel with grsecurity
                          • Growling quietly with greater security
                            • Controlling user access with RBAC
                            • Memory protection with PaX
                            • The multi-layered protection model
                            • Debian grsecurity from repositories
                            • Compiling grsecurity into a kernel
                        • Integrity, logs, and alerts with OSSEC
                          • Obtaining and verifying the source
                          • The installation process
                          • Using OSSEC
                          • Updating OSSEC
                          • Easing analysis with a GUI
                            • OSSEC-WUI
                            • Splunk
                        • Slamming backdoors and rootkits
                        • (D)DoS protection with mod_evasive
                        • Sniffing out malformed packets with Snort
                          • Installing the packages
                            • Snort's installation options
                            • Ruby on Rails dependencies
                          • Creating the web interface
                            • Creating a sub-domain using an A record
                            • Setting up the virtual host file
                          • Creating the database
                          • Deploying Ruby on Rails with Passenger
                          • Enabling everything
                          • Browsing to Snorby
                          • Hacking yourself
                          • Configuring the network
                          • Updating Snort's rule-base
                            • Sourcefire Vulnerability Research Team™ (VRT)
                            • Emerging Threats
                        • Firewalling the web with ModSecurity
                          • Installing mod-security, the Apache module
                          • Applying a ruleset
                            • Enabling CRS and logging
                            • Tuning your ruleset
                            • Rulesets and WordPress
                            • Updating rulesets
                          • ModSecurity resources
                        • Summary
                          • Appendix B: Don't Panic! Disaster Recovery
                            • Diagnosis vs. downtime
                            • Securing your users
                              • Considering maintenance mode
                                • Using a plugin
                                • Using a rewrite rule
                            • Local problems
                            • Server and file problems
                            • WordPress problems
                              • Incompatible plugins
                              • Injected plugins
                              • Widgets, third party code and theme problems
                              • Fun 'n' frolics with files
                                • Deep file scanning
                              • Verifying uploads and shared areas
                              • Checking htaccess files
                              • Pruning hidden users
                            • Reinstalling WordPress
                              • Some provisos
                              • Upload WordPress and plugins
                              • Importing a database backup
                              • Editing wp-config-sample.php
                              • Setting least privileges
                              • Sending the clean platform live
                              • Changing your passwords
                              • Checking your search engine results pages
                              • Revisiting WordPress security
                            • Appendix C: Security Policy
                              • Security policy for somesite.com
                                • Aim
                                • Goals
                                • Roles and responsibilities
                                  • Security Manager (SM)
                                  • System Administrator
                                  • Site Administrator
                                  • Site Editors
                                  • Other roles
                                • Network assets
                                  • PCs and media
                                  • Routing gear
                                  • Server
                                • Website assets
                                  • Backup
                                  • Code updates
                                  • Database
                                  • Domain
                                • Further policy considerations
                              • Appendix D: Essential Reference
                                • WordPress 3 Ultimate Security
                                • Bloggers and zines
                                • Forums
                                • Hacking education
                                • Linux
                                • Macs and Windows
                                • Organizations
                                • Penetration testing
                                • Server-side core documents
                                • Toolkits
                                • Web browsers
                                • WordPress
                                  • Mailing lists
                                  • Non-official support

                                Olly Connelly

                                Olly Connelly was conceived in the Summer of Love and likes to think that he's the reincarnation of some dude who copped it after a Woodstock head-banger. Born in Windsor, England, he's no relation. Olly lives with Eugenia, just off a beach in Valencia, Spain. His background is broadcasting and satirical journalism and his experience includes serially annoying the BBC, Bloomberg, and MTV. Web-wise, Olly's a freelance content producer, web developer, and system administrator. His site vpsBible.com guides Linux newbies to set up and maintain their own unmanaged VPS boxes. At guvnr.com, meanwhile, he chats up the web and tries equally to demystify the complex. You can also catch @the_guv on the mighty T where he tweets tech 'n tonics. • vpsBible, Setup Unmanaged VPS 4 Linux Noobs! – http://vpsbible.com • guvnr.com, Make the web, make more of it – http://guvnr.com • on Twitter, Tech 'n tonics – http://twitter.com/the_guv • Olly Connelly, Pop by, say hi :) – ollybook@guvnr.com He likes kite-surfing, George Norey's CoasttoCoastam.com, ranting about (what's censored on) the news and, failing all that, a damn fine pint.
                                Sorry, we don't have any reviews for this title yet.

                                Code Downloads

                                Download the code and support files for this book.

                                Submit Errata

                                Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

                                Sample chapters

                                You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

                                Frequently bought together

                                WordPress 3 Ultimate Security +    Oracle JRockit: The Definitive Guide =
                                50% Off
                                the second eBook
                                Price for both: $50.70

                                Buy both these recommended eBooks together and get 50% off the cheapest eBook.

                                What you will learn from this book

                                • Hack or be hacked! Learn the mind-set, how attackers work, the methods they employ and how to use those to secure WordPress
                                • Work safely from anywhere, using the latest antimalware tools on your PC and being secure even on infected shared machines
                                • Understand the dangers of wireless connections, maximize your router's protection and know how to safely use public WiFi hotspots
                                • Learn about and use the toughest internet protocols to connect to your server, site, and files with military-strength encryption
                                • Find out how to hide your Dashboard and any other sensitive web files by using code, plugins, and Apache modules
                                • Carry out dozens of WordPress security tasks using either plugins or code and utilizing either a control panel or terminal
                                • Keep tabs on content, find out who is using it, and how to enforce your copyright (and safeguard your SEO)
                                • Know the risks with control panels and interfaces like phpMyAdmin, learning how to solidify them or completely hide them from attackers
                                • Recover from a WordPress disaster, properly diagnosing the underlying cause of the problem so that it won't be repeated
                                • Consider the security differences between web hosting types and know what kind of security questions to ask a shared host
                                • Grasp key Linux concepts like file ownership and permissions, using the terminal to maximize security options (for shared hosting too)
                                • Reinforce the server with – for starters – an encrypted connection, network, firewall, and kernel hardening and with a web application firewall

                                In Detail

                                Most likely – today – some hacker tried to crack your WordPress site, its data and content – maybe once but, with automated tools, very likely dozens or hundreds of times. There's no silver bullet but if you want to cut the odds of a successful attack from practically inevitable to practically zero, read this book.

                                WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some "10 Tips ..." guide. It's ultimate protection – because that's what you need.

                                Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid!

                                The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable.

                                Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.

                                This is an essential guide to securing your WordPress site and content, which shows what to do locally, wirelessly, server-side, and with the application to keep the bad guys out.


                                This is a comprehensive essential guide to WordPress security written in a light style, which converts learning a really serious topic to an enjoyable read. It is packed with copy-paste solutions to security to suit all levels of security know-how.

                                Who this book is for

                                Just as WordPress is used by a broad spectrum of website owners, with varying degrees of security know-how, so WordPress 3 Ultimate Security is written to be understood by security novices and web professionals alike. From site and server owners and administrators to members of their contributing team, this essential A to Z reference takes a complex and, let's face it, frankly dull subject and makes it accessible, encouraging, and sometimes even fun. Even if you are a total newbie to security, you can transform an insecure site into an iron-clad fortress, safeguarding your site users, your content and, sooner or later, your stress level.

                                Code Download and Errata
                                Packt Anytime, Anywhere
                                Register Books
                                Print Upgrades
                                eBook Downloads
                                Video Support
                                Contact Us
                                Awards Voting Nominations Previous Winners
                                Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
                                Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software