Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying WordPress 3 Ultimate Security
  • Table Of Contents Toc
WordPress 3 Ultimate Security

WordPress 3 Ultimate Security

4.6 (7)
Buy this Book
close
close
WordPress 3 Ultimate Security

WordPress 3 Ultimate Security

4.6 (7)
Buy this Book

Overview of this book

Most likely – today – some hacker tried to crack your WordPress site, its data and content – maybe once but, with automated tools, very likely dozens or hundreds of times. There's no silver bullet but if you want to cut the odds of a successful attack from practically inevitable to practically zero, read this book. WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some "10 Tips ..." guide. It's ultimate protection – because that's what you need. Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid! The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable. Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.
Table of Contents (23 chapters)
close
close
close
WordPress 3 Ultimate Security
Icon
WordPress 3 Ultimate Security
Credits
Icon
Credits
About the Author
Icon
About the Author
Acknowledgement
Icon
Acknowledgement
About the Reviewers
Icon
About the Reviewers
www.PacktPub.com
Icon
www.PacktPub.com
Preface
Icon
Preface
Lock Free Chapter
1
So What's the Risk?
chevron up
Icon
So What's the Risk?
Icon
Calculated risk
Icon
An overview of our risk
Icon
Meet the hackers
Icon
Physically hacked off
Icon
Social engineering
Icon
Weighing up Windows, Linux, and Mac OS X
Icon
Malwares dissected
Icon
World wide worry
Icon
Overall risk to the site and server
Icon
Summary
2
Hack or Be Hacked
Icon
Hack or Be Hacked
Icon
Introducing the hacker's methodology
Icon
Ethical hacking vs. doing time
Icon
The reconnaissance phase
Icon
Demystifying DNS
Icon
Domain name security
Icon
The scanning phase
Icon
Summary
3
Securing the Local Box
Icon
Securing the Local Box
Icon
Breaking Windows: considering alternatives
Icon
Windows security services
Icon
Proactive about anti-malware
Icon
The almost perfect anti-malware solution
Icon
Windows user accounts
Icon
Managing passwords and sensitive data
Icon
Securing data and backup solutions
Icon
Programming a safer system
Icon
Summary
4
Surf Safe
Icon
Surf Safe
Icon
Look (out), no wires
Icon
Network security re-routed
Icon
Using public computers – it can be done
Icon
Hotspotting Wi-Fi
Icon
E-mailing clients and webmail
Icon
Browsers, don't lose your trousers
Icon
Anonymous browsing
Icon
Networking, friending, and info leak
Icon
Summary
5
Login Lock-Down
Icon
Login Lock-Down
Icon
Sizing up connection options
Icon
WordPress administration with SSL
Icon
SSL and login plugins
Icon
Locking down indirect access
Icon
Apache modules
Icon
Summary
6
10 Must-Do WordPress Tasks
Icon
10 Must-Do WordPress Tasks
Icon
Locking it down
Icon
Backing up the lot
Icon
Updating shrewdly
Icon
Neutering the admin account
Icon
Correcting permissions creep
Icon
Hiding the WordPress version
Icon
Nuking the wp_ tables prefix
Icon
Setting up secret keys
Icon
Denying access to wp-config.php
Icon
Hardening wp-content and wp-includes
Icon
Summary
7
Galvanizing WordPress
Icon
Galvanizing WordPress
Icon
Fast installs with Fantastico ... but is it?
Icon
Considering a local development server
Icon
Added protection for wp-config.php
Icon
WordPress security by ultimate obscurity
Icon
Revisiting the htaccess file
Icon
Good bot, bad bot
Icon
Setting up an antimalware suite
Icon
More login safeguards
Icon
Concerning code
Icon
Hiding your files
Icon
Summary
8
Containing Content
Icon
Containing Content
Icon
Abused, fair use and user-friendly
Icon
Illegality vs. benefit
Icon
A nice problem to have (or better still to manage)
Icon
Sharing and collaboration
Icon
Protecting content
Icon
Pre-emptive defense
Icon
Reactive response
Icon
Tackling offenders
Icon
Summary
9
Serving Up Security
Icon
Serving Up Security
Icon
.com blogs vs .org sites
Icon
Host type analysis
Icon
Control panels and terminals
Icon
Managing unmanaged with Webmin
Icon
Users, permissions, and dangers
Icon
Sniffing out dangerous permissions
Icon
System users
Icon
Repositories, packages, and integrity
Icon
Tracking suspect activity with logs
Icon
Summary
10
Solidifying Unmanaged
Icon
Solidifying Unmanaged
Icon
Hardening the Secure Shell
Icon
chrooted SFTP access with OpenSSH
Icon
PHP's .ini mini guide
Icon
Patching PHP with Suhosin
Icon
Isolating risk with SuPHP
Icon
Containing MySQL databases
Icon
phpMyAdmin: friend or foe?
Icon
Bricking up the doors
Icon
Fired up on firewalls
Icon
Enhancing usability with CSF
Icon
Service or disservice?
Icon
Gatekeeping with TCP wrappers
Icon
Stockier network stack
Icon
Summary
11
Defense in Depth
Icon
Defense in Depth
Icon
Hardening the kernel with grsecurity
Icon
Integrity, logs, and alerts with OSSEC
Icon
Using OSSEC
Icon
Updating OSSEC
Icon
Easing analysis with a GUI
Icon
Slamming backdoors and rootkits
Icon
(D)DoS protection with mod_evasive
Icon
Sniffing out malformed packets with Snort
Icon
Firewalling the web with ModSecurity
Icon
Summary
1
Plugins for Paranoia
Icon
Plugins for Paranoia
Icon
Anti-malware
Icon
Backup
Icon
Content
Icon
Login
Icon
Spam
Icon
SSL
Icon
Users
2
Don't Panic! Disaster Recovery
Icon
Don't Panic! Disaster Recovery
Icon
Diagnosis vs. downtime
Icon
Securing your users
Icon
Local problems
Icon
Server and file problems
Icon
WordPress problems
Icon
Verifying uploads and shared areas
Icon
Checking htaccess files
Icon
Pruning hidden users
Icon
Reinstalling WordPress
3
Security Policy
Icon
Security Policy
Icon
Security policy for somesite.com
4
Essential Reference
Icon
Essential Reference
Icon
WordPress 3 Ultimate Security
Icon
Bloggers and zines
Icon
Forums
Icon
Hacking education
Icon
Linux
Icon
Macs and Windows
Icon
Organizations
Icon
Penetration testing
Icon
Server-side core documents
Icon
Toolkits
Icon
Web browsers
Icon
WordPress
Icon
Mailing lists
Icon
Non-official support
5
Index
Icon
Index

Chapter 1. So What's the Risk?

You'd best sit down.

It stands to reason that we can't properly secure a WordPress site until we have a heads-up on its vulnerabilities and the threats it faces. So let's kick off by ensuring awareness.

In this opening chapter, we'll set the scene by introducing the hackers and their tricks and considering how the former plies the latter against a site, whether directly or indirectly:

  • Knowing the enemy, the variety of mindset, and the levels of skill

  • Considering physical security and the threat from social engineering

  • Weighing up OS security, allow vs. deny policies and open vs. closed source

  • Mulling over malware in its many shapes and forms

  • Assessing risks from local devices such as PCs and routers

  • Treading carefully in the malicious minefield that is the web

  • Sizing up vulnerabilities to WordPress and its third party code

  • Addressing the frailties of and attacks to your server-side environment

You may think that most of this is irrelevant to WordPress security. Sadly, you'd be wrong.

Your site is only as safe as the weakest link: of the devices that assist in administering it or its server; of your physical security; or of your computing and online discipline. To sharpen the point with a simple example, whether you have an Automattic-managed wordpress.com blog or unmanaged dedicated site hosting, if a hacker grabs a password on your local PC, then all bets are off. If a hacker can borrow your phone, then all bets are off. If a hacker can coerce you to a malicious site, then all bets are off. And so on.

Let's get one thing clear. There is no silver bullet as I will repeat throughout this book. There is no such thing as total security and anyone who says any different is selling something. Then again, what we can achieve, given ongoing attention, is to boost our understanding, to lock our locations, to harden our devices, to consolidate our networks, to screen our sites and, certainly not least of all, to discipline our computing practice.

Even this carries no guarantee. Tell you what though, it's pretty darned tight. Let's jump in and, who knows, maybe even have a laugh here and there to keep us awake ☺.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
WordPress 3 Ultimate Security
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon