Book Image

WordPress 3 Ultimate Security

Book Image

WordPress 3 Ultimate Security

Overview of this book

Most likely – today – some hacker tried to crack your WordPress site, its data and content – maybe once but, with automated tools, very likely dozens or hundreds of times. There's no silver bullet but if you want to cut the odds of a successful attack from practically inevitable to practically zero, read this book. WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some "10 Tips ..." guide. It's ultimate protection – because that's what you need. Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid! The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable. Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.
Table of Contents (23 chapters)
WordPress 3 Ultimate Security
Credits
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
Index

Meet the hackers


This may sound like anathema, but a hefty chunk of this book is devoted to cajoling your angelic innocence into something more akin to that of a hacker's savvy.

This isn't some cunning ploy by yours-truly to see for how many readers I can attain visitor's rights, you understand. The fact is, as we practise in Chapter 2 and as any crime agency would explain, to catch a thief one has to think like one.

Besides, not all hackers are such bad hats. Far from it. Overall there are three types—white hat, grey hat, and black hat—each with their sub-groups.

White hat

One important precedent sets white hats above and beyond other groups: permission.

Also known as ethical hackers, these decent upstanding folks are motivated:

  • To learn about security

  • To test for vulnerabilities

  • To find and monitor malicious activity

  • To report issues

  • To advise others

  • To do nothing illegal

  • To abide by a set of ethics to not harm anyone

So when we're testing our security to the limit, that should include us. Keep that in mind.

Black hat

Out-and-out dodgy dealers. They have nefarious intent and are loosely sub-categorized:

Botnets

A botnet is a network of automated robots, or scripts, often involved in malicious activity such as spamming or data-mining. The network tends to be comprised of zombie machines, such as your server, which are called upon at will to cause general mayhem.

Botnet operators, the actual black hats, have no interest in damaging most sites. Instead they want quiet control of the underlying server resources so their malbots can, by way of more examples, spread malware or Denial of Service (DoS) attacks, the latter using multiple zombies to shower queries to a server to saturate resources and drown out a site.

Cybercriminals

These are hackers and gangs whose activity ranges from writing and automating malware to data-mining, the extraction of sensitive information to extort or sell for profit. They tend not to make nice enemies, so I'll just add that they're awfully clever.

Hacktivists

Politically-minded and often inclined towards freedom of information, hacktivists may fit into one of the previous groups, but would argue that they have a justifiable cause.

Scrapers

While not technically hackers, scrapers steal content—often on an automated basis from site feeds—for the benefit of their generally charmless blog or blog farms.

Script kiddies

This broad group ranges anything from well-intentioned novices (white hat) to online graffiti artists who, when successfully evading community service, deface sites for kicks.

Armed with tutorials galore and a share full of malicious warez, the hell-bent are a great threat because, seeking bragging rights, they spew as much damage as they possibly can.

Spammers

Again not technically hackers but this vast group leeches off blogs and mailing lists to promote their businesses which frequently seem to revolve around exotic pharmaceutical products. They may automate bomb marketing or embed hidden links but, however educational their comments may be, spammers are generally, but not always, just a nuisance and a benign threat.

Misfits

Not jargon this time, this miscellaneous group includes disgruntled employees, the generally unloved, and that guy over the road who never really liked you.

Grey hat

Grey hatters may have good intentions, but seem to have a knack for misplacing their moral compass, so there's a qualification for going into politics. One might argue, for that matter, that government intelligence departments provide a prime example.

Hackers and crackers

Strictly speaking, hackers are white hat folks who just like pulling things apart to see how they work. Most likely, as kids, they preferred Meccano to Lego.

Crackers are black or grey hat. They probably borrowed someone else's Meccano, then built something explosive.

Over the years, the lines between hacker and cracker have become blurred to the point that put-out hackers often classify themselves as ethical hackers.

This author would argue the point but, largely in the spirit of living language, won't, instead referring to all those trying to break in, for good or bad, as hackers. Let your conscience guide you as to which is which instance and, failing that, find a good priest.