Some of the old-timers round here who first knew me from Guvnr may remember a pretty well-known WordPress security blog post over there, Video How-to: 10 Tips To Make WordPress Hack-Proof.
In the comments there I promised a follow-up because, frankly, I wasn't satisfied with the content; it just didn't cover the WordPress security bases. The problem was, to properly advise on such a vast subject one doesn't require so much a simple Top 10 Tips style post, helpful as they can be, nor even a short series of security posts but, such is the threatscape, instead to wade in waist deep with a far broader work.
As it turned out, along came a publisher, the techy house Packt Publishing, saw that piece and asked me to expand the topic into a book. What an honor. (Thank you guys.) How could I refuse?
Amidst other projects and one year in the making, my first tome WordPress 3 Ultimate Security is the result of my want of a proper reckoning, nigh-on 400 pages of security lock-down, a step-by-step of everything you absolutely need to know, and do, to protect your WordPress site, your site users, yours and their data, your content, your hobby or business and, maybe most important of all, your stress level and hairline.
I've done my utmost best to make the thing readable, enjoyable, not just an in-geek tome but genuinely noob-friendly, even with the tricky topics. And let's face it, for most of us, however concerned we must be, with the austere glaze-over that is the world of security, we desperately need technical topics crossed with usability.
… Then again, as I hope to have illustrated, web security can be truly fun ;). And satisfying.
Oh, sorry, fell asleep. Anyway, have a press release, explaining the whys and wherefores.
(I ripped this post from Guvnr, duping it here and hoping for the mercy of the Almighty G. I gave them some guvLuv so figure you may as well have some too. Therefore. Have some love.)
(Cue the drums …)
WordPress 3 Ultimate Security: Press Release
WordPress 3 Ultimate Security, the first-ever book explaining in detail how to secure the popular blogging and content management platform, WordPress, has been released and already is clocking up impressive sales, both in e-book and hard copy formats. Here's the detail:-
- WordPress 3 Ultimate Security – http://guv.li/wpvps
Written for noobs and pros alike by Olly Connelly, aka the_guv on his guvnr.com and vpsBible.com websites and @the_guv on Twitter, and published by the technical house Packt Publishing, the book addresses not merely WordPress directly but tackles the myriad of ways that WordPress, its database and copyright content can be breached indirectly, via its wider network. As the author states in the work's Preface:-
“Most likely, today, some hacker tried to crack your WordPress site. Maybe that was some bored kid. Just as likely, it was an automated hit trying dozens of attacks to find a soft spot. Quite likely it was both.
“The threatscape is vast. Risk stretches from your keyboard, through and out the back of your local machine, buzzing around its network, maybe through your phone, into the router, hopping across your surfing, into the remote server, buzzing around that network and jumping all over WordPress.”
As such, WordPress 3 Ultimate Security doesn't simply expand upon those few, heavily-blogged, WordPress-specific security tips, but considers each and every potential breach of site and content security, detailing preventative measures from shoring up the local administrator's devices all the way through to layering defense in depth techniques on the server.
The book contains hundreds of external references to true-tested plugins, security wares and modules and to security and ethical hacking resources. It explains how safely to administer WordPress, for instance using HTTPS, SFTP and SSH or when using a shared terminal, café or wifi hotspot. It has chapters dedicated to copyright protection, to setting up a security policy, how properly to recover from disaster and how to evaluate a web host. Proactively, it even tutors readers with the hacker's methodology, and toolset, so as to uncover vulnerabilities by hacking ourselves, safely, before someone else does, maliciously.
“Your site is only as safe as its weakest local-to-remote link,” says Connelly. “This work is designed to address that, from A to Z and, frankly, while there's no silver bullet, we can reduce the risk of a successful attack from practically inevitable to practically zero.”