This is a comprehensive, essential guide to WordPress security written in a light style, which turns learning a really serious topic into an enjoyable read. It is packed with copy-paste security solutions to suit all levels of security know-how. Just as WordPress is used by a broad spectrum of website owners, with varying degrees of security know-how, so WordPress 3 Ultimate Security is written to be understood by security novices and web professionals alike.
From site and server owners and administrators to members of their contributing team, this essential A to Z reference takes a complex and, let’s face it, frankly dull subject and makes it accessible, encouraging, and sometimes even fun. Even if you are a total newbie to security, you can transform an insecure site into an iron-clad fortress, safeguarding your site users, your content and, sooner or later, your stress level.
What this book covers
Chapter 1, So What’s the Risk? sets the scene by outlining the vulnerabilities of WordPress, both direct and indirect, coupled with the threats seeking to manipulate those frailties, ultimately helping us to weigh up the risk to our sites and blogs.
Chapter 2, Hack or Be Hacked practises our newly-gained theoretical awareness, giving us the hacker’s mindset, the methodology, and the toolkit to flag vulnerabilities with WordPress, its server, its network, and contingent devices.
Chapter 3, Securing the Local Box does just that, taking a potentially flaky working environment and reinforcing it with a best of breed anti-malware solution to give us a solid foundation from where to administer the site.
Chapter 4, Surf Safe plugs us tentatively into the wall, and the web, throwing up the problems we face while pinning down the solutions we need to navigate securely this perilous minefield of malicious intent.
Chapter 5, Login Lock-Down maps out the web’s mass transport system, its protocols, directing their correct use for securely delivering data while armour-plating precious destinations such as the Dashboard, the server, and phpMyAdmin.
Chapter 6, 10 Must-Do WordPress Tasks gives the platform teeth by addressing common shortcomings with a heap of tips along the way to secure administration and also, for example, setting up an automated off-server backup system.
Chapter 7, Galvanizing WordPress sets out numerous advanced techniques to defend against hackers, scrapers, and spammers while again advising on a range of admin issues such as a security-assistive local development strategy.
Chapter 8, Containing Content addresses ours, explaining the law and our copyright options, showing how to benefit from managed reuse and setting out tools and strategies to defend, track, and regain control of copy and media.
Chapter 9, Serving Up Security boots us into our site’s security-interdependent hosting assessment, demystifying least privilege user and file protection while tracking malicious activity with the correct use of logs.
Chapter 10, Solidifying Unmanaged takes due care to harden server and control panel access, to isolate web and server files, to protect PHP and databases, and to firewall the lot with an extensively tweaked network configuration.
Chapter 11, Defense in Depth fortifies the site and server with kernel and memory patching, a web application firewall, simplified logs management and host-, network- and rootkit-based detection systems.
Appendix A, Plugins for Paranoia is my personal pick of the protective plugin pack, with each and every one thoroughly tested and listed on merit.
Appendix B, Don’t Panic! Disaster Recovery sequentially orders a strategy to protect our site users, our reputation, and SEO before finding and rectifying problems to get the site back online in the quickest possible time.
Appendix C, Security Policy provides a working document template setting out a framework strategy to pre-empt and future-proof your ongoing security concerns.
Appendix D, Essential Reference pools security’s big gun websites including blogs, forums, hacking tools, organizations and, oddly enough, WordPress resources.