
WordPress 3 Ultimate Security

Olly Connelly

WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery.
eBook: $29.99 (RRP $29.99)
Print + eBook: $49.99 (RRP $49.99)

Book Details

ISBN 13: 9781849512107
Paperback: 408 pages

About This Book

  • Know the risks, think like a hacker, use their toolkit, find problems first – and kick attacks into touch
  • Lock down your entire network from the local PC and web connection to the server and WordPress itself
  • Find out how to back up and secure your content and, when it's scraped, know what to do to enforce your copyright
  • Understand disaster recovery and use the best-of-breed tools, code, modules, techniques, and plugins to insure against attacks
  • Learn fast with this easy-read, jargon-light book jam-packed with copy-paste solutions to suit all levels

Who This Book Is For

Just as WordPress is used by a broad spectrum of website owners, with varying degrees of security know-how, so WordPress 3 Ultimate Security is written to be understood by security novices and web professionals alike. From site and server owners and administrators to members of their contributing team, this essential A to Z reference takes a complex and, let's face it, frankly dull subject and makes it accessible, encouraging, and sometimes even fun. Even if you are a total newbie to security, you can transform an insecure site into an iron-clad fortress, safeguarding your site users, your content and, sooner or later, your stress level.

Table of Contents

Chapter 1: So What's the Risk?
Calculated risk
An overview of our risk
Meet the hackers
Physically hacked off
Social engineering
Weighing up Windows, Linux, and Mac OS X
Malwares dissected
World wide worry
Overall risk to the site and server
Summary
Chapter 2: Hack or Be Hacked
Introducing the hacker's methodology
Ethical hacking vs. doing time
The reconnaissance phase
Demystifying DNS
Domain name security
The scanning phase
Summary
Chapter 3: Securing the Local Box
Breaking Windows: considering alternatives
Windows security services
Proactive about anti-malware
The almost perfect anti-malware solution
Windows user accounts
Managing passwords and sensitive data
Securing data and backup solutions
Programming a safer system
Summary
Chapter 4: Surf Safe
Look (out), no wires
Network security re-routed
Using public computers – it can be done
Hotspotting Wi-Fi
E-mailing clients and webmail
Browsers, don't lose your trousers
Anonymous browsing
Networking, friending, and info leak
Summary
Chapter 5: Login Lock-Down
Sizing up connection options
WordPress administration with SSL
SSL and login plugins
Locking down indirect access
Apache modules
Summary
Chapter 6: 10 Must-Do WordPress Tasks
Locking it down
Backing up the lot
Updating shrewdly
Neutering the admin account
Correcting permissions creep
Hiding the WordPress version
Nuking the wp_ tables prefix
Setting up secret keys
Denying access to wp-config.php
Hardening wp-content and wp-includes
Summary
Chapter 7: Galvanizing WordPress
Fast installs with Fantastico ... but is it?
Considering a local development server
Added protection for wp-config.php
WordPress security by ultimate obscurity
Revisiting the htaccess file
Good bot, bad bot
Setting up an antimalware suite
More login safeguards
Concerning code
Hiding your files
Summary
Chapter 8: Containing Content
Abused, fair use and user-friendly
Illegality vs. benefit
A nice problem to have (or better still to manage)
Sharing and collaboration
Protecting content
Pre-emptive defense
Reactive response
Tackling offenders
Summary
Chapter 9: Serving Up Security
.com blogs vs .org sites
Host type analysis
Control panels and terminals
Managing unmanaged with Webmin
Users, permissions, and dangers
Sniffing out dangerous permissions
System users
Repositories, packages, and integrity
Tracking suspect activity with logs
Summary
Chapter 10: Solidifying Unmanaged
Hardening the Secure Shell
chrooted SFTP access with OpenSSH
PHP's .ini mini guide
Patching PHP with Suhosin
Isolating risk with SuPHP
Containing MySQL databases
phpMyAdmin: friend or foe?
Bricking up the doors
Fired up on firewalls
Enhancing usability with CSF
Service or disservice?
Gatekeeping with TCP wrappers
Stockier network stack
Summary
Chapter 11: Defense in Depth
Hardening the kernel with grsecurity
Integrity, logs, and alerts with OSSEC
Using OSSEC
Updating OSSEC
Easing analysis with a GUI
Slamming backdoors and rootkits
(D)DoS protection with mod_evasive
Sniffing out malformed packets with Snort
Firewalling the web with ModSecurity
Summary

What You Will Learn

  • Hack or be hacked! Learn the mind-set, how attackers work, the methods they employ and how to use those to secure WordPress
  • Work safely from anywhere, using the latest antimalware tools on your PC and being secure even on infected shared machines
  • Understand the dangers of wireless connections, maximize your router's protection and know how to safely use public WiFi hotspots
  • Learn about and use the toughest internet protocols to connect to your server, site, and files with military-strength encryption
  • Find out how to hide your Dashboard and any other sensitive web files by using code, plugins, and Apache modules
  • Carry out dozens of WordPress security tasks using either plugins or code and utilizing either a control panel or terminal
  • Keep tabs on content, find out who is using it, and how to enforce your copyright (and safeguard your SEO)
  • Know the risks with control panels and interfaces like phpMyAdmin, learning how to solidify them or completely hide them from attackers
  • Recover from a WordPress disaster, properly diagnosing the underlying cause of the problem so that it won't be repeated
  • Consider the security differences between web hosting types and know what kind of security questions to ask a shared host
  • Grasp key Linux concepts like file ownership and permissions, using the terminal to maximize security options (for shared hosting too)
  • Reinforce the server with – for starters – an encrypted connection, network, firewall, and kernel hardening and with a web application firewall

In Detail

Most likely – today – some hacker tried to crack your WordPress site, its data and content – maybe once but, with automated tools, very likely dozens or hundreds of times. There's no silver bullet but if you want to cut the odds of a successful attack from practically inevitable to practically zero, read this book.

WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some "10 Tips ..." guide. It's ultimate protection – because that's what you need.

Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid!

The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable.

Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.
