If you manage your own WordPress website, you should have this book. If you have someone else manage your WordPress website for you, they should have this book.
WordPress 3 Ultimate Security by Olly Connelly is a comprehensive guide, not just to WordPress security, but to Internet security in general. My initial thought when buying the book was that it would compile a bunch of WordPress-specific security best practices into one concise resource. It does indeed do that, but as it turns out, having a secure WordPress website goes way beyond just securing your WordPress installation. Olly Connelly does a superb job of laying out a comprehensive overview of Internet security to help you set up and maintain a clean WordPress website that is as hacker-resistant as possible, from securing your own personal computer, your access point to the Internet, to your web server and of course the WordPress package itself.
In dealing with recent WordPress hacks, I was left wondering, who are these hackers that have hacked my site and how did they do it? The book starts off with an introduction to the overall threatscape, including who the hackers are, how they work, their basic methodology (reconnaissance, scanning, gain access, secure access, cover tracks) and the tools that they use. This is important in being able to assess your risk, which is the result of vulnerability times threat.
After having introduced us to the hackers and their ways, Olly covers securing your own computer, with a detailed analysis of tools and techniques for securing your PC, especially Windows PCs. In a logical progression, he then covers security related to accessing the Internet, including local networks, Wi-Fi and browsers, and security related to connecting to your web server. These are not WordPress-specific issues, but they all represent potential vulnerabilities that hackers can exploit to gain access to your WordPress site.
After five chapters and 150 pages covering these topics, Olly jumps into the WordPress-specific issues. In chapter 6, he outlines 10 must-do WordPress tasks. Then in chapter 7 he dives into more WordPress-specific tips for hardening your WordPress installation.
Chapter 8 is dedicated to a subject that many might not have considered a security risk – securing your content from scrapers and copyright theft.
The remaining chapters are dedicated to some advanced techniques for locking down your web server. A lot of the content in these chapters will probably overwhelm those who are not technically inclined, but it is important and relevant and the book would be incomplete if it were omitted.
Overall, I give the book very high marks for its comprehensive nature and easy-to-follow style. Being a fan of visual communication, my only quibble with the book is that I would have liked to have seen more illustrations. There’s a lot of technical material in the book and Olly does a very good job of explaining it in a way that even the technically-challenged should be able to grok. But I spend a fair bit of time consulting with technically-challenged clients on WordPress issues and my sense is that visual illustrations are very useful in helping to demystify and explain complex technical issues.
Nevertheless, I still highly recommend the book for anyone who has a WordPress website. It may not be a fun topic and, yes, it is a bit scary, but if you have a WordPress website you are a definite target for hackers and I have no doubt that your site will come under attack at some point, if it hasn’t already. The more you know about security, the more you’ll be able to make it less attractive for the hackers to bother with. Buy the book and be informed.