I’ve just finished reading WordPress 3 Ultimate Security by Olly Connelly, which aims to help you make sure your WordPress installs are as protected as you can make them. Security is often one of the most intimidating pieces of running your own site, which is one of the major contributors to the popularity of shared hosting since many people are not comfortable managing their own server. Unfortunately though, shared hosting often gives a false sense of security and can expose you further than a more segmented environment.
That doesn’t take away from the importance of being a responsible and reliable source of information for your clients. It’s very likely that your clients have no idea how their website works or how it’s even online; they just know who to call when something isn’t working properly. If you’re in charge of that environment, it would be a disservice to your client to cut corners or take a quick way out when it comes to their server setup. WordPress 3 Ultimate Security aims to help you harden your WordPress installs, resulting in a more stable, longer lasting website powered by WordPress.
WordPress 3 Ultimate Security is quite a comprehensive guide. I wasn’t sure what to expect when reading the first chapter, but it quickly became apparent that the content was going to span the entirety of security insofar as it was applicable. The chapter list is as follows:
- So What’s the Risk?
- Hack or Be Hacked
- Securing the Local Box
- Surf Safe
- Login Lock-Down
- 10 Must-Do WordPress Tasks
- Galvanizing WordPress
- Containing Content
- Serving Up Security
- Solidifying Unmanaged
- Defense in Depth
Each chapter is further subdivided into a number of dense subsections covering a multitude of topics. The breadth of coverage impressed me from the start. Additionally, the tools and topics covered were modern, up-to-date, tried, and tested. I’ve read a number of security books and it’s rare to find one with comprehensive coverage of tools that will all be useful as you read through the chapters. Chapter 2 is especially interesting in this regard, as you’re guided through the process of analyzing and scanning a possible target as though you yourself were the hacker (or cracker in this case).
Chapter 3 provides extensive coverage on securing your local machine, which is a significant portion of every good security policy. Many times people forget that the biggest security vulnerability could have absolutely nothing to do with your server or the network it’s on, but instead with your local computer: the one that insecurely stores your WordPress administrator login information.
WordPress-specific content doesn’t really ramp up until Chapter 5 of the book. SSL and security-oriented Apache modules are the focus of the chapter, leading up to Chapter 6 which outlines a number of smaller tasks that can help with WordPress security through obscurity.
The book moves into the server side of things in Chapter 9. The author gives advice on choosing the right host based on a number of criteria, outlines the pros and cons of popular control panel software solutions, explains how users and permissions work, all the way down to implementing a useful logging system.
The book gets even more detailed from there by discussing lower level server administration steps that can be taken in an effort to minimize the various ways a cracker may be able to obtain unauthorized access to your system. Through Chapter 11 I became increasingly impressed with the level of detail the author went to in discussing the vast number of responsibilities required when it comes to server administration tied into ways they can be exploited and ways you can thwart those attacks.
While I couldn’t consider this title to be the last one you should read on modern server security, I would highly suggest it as a starting point for things to look into as time goes on.
After making it through the nearly 400 pages of content I was honestly impressed with the amount of content offered in the book. The author does a fantastic job of covering an extremely wide variety of angles which makes complete sense with such a diverse topic as security. If you were to follow the advice offered in the book you’d be left with not only a strong server environment, but a more secure local environment as well.
If you’re the person responsible for your client’s WordPress installs, or responsible for your own, taking a read through WordPress 3 Ultimate Security by Olly Connelly will very likely teach you a few things in a number of areas concerning your install. My take-home message is an overall feeling of being impressed with the volume of content covered in under 400 pages. That said, the book may prove to be a bit overwhelming to some people who are less technical, but if that’s the case, unmanaged hosting might not be the place for you.