‘WordPress 3 Ultimate Security’ Book – Press Release


Some of you may have found this site off the back of a pretty well-known post about WordPress security, 10 Tips To Make WordPress Hack-Proof.

In the comments I promised a follow-up because, frankly, I wasn't satisfied with the content; it just didn't cover the WordPress security bases. The problem was, to properly advise on such a vast subject one doesn't require so much a simple Top 10 Tips style post, helpful as they can be, nor even a short series of security posts but, such is the threatscape, instead to wade in waist deep with a far broader work.


As it turned out, along came a publisher, the techy house Packt Publishing, saw that piece and asked me to expand the topic into a book. What an honor. (Thank you guys.) How could I refuse?

Amidst other projects and one year in the making, my first tome WordPress 3 Ultimate Security is the result of my want of a proper reckoning, nigh-on 400 pages of security lock-down, a step-by-step of everything you absolutely need to know, and do, to protect your WordPress site, your site users, yours and their data, your content, your hobby or business and, maybe most important of all, your stress level and hairline.

I've done my utmost best to make the thing readable, enjoyable, not just an in-geek tome but genuinely noob-friendly, even with the tricky topics. And let's face it, for most of us, however concerned we must be, with the austere glaze-over that is the world of security, we desperately need technical topics crossed with usability.

… Then again, as I hope to have illustrated, web security can be truly fun ;). And satisfying.

Oh, sorry, fell asleep. Anyway, have a press release, explaining the whys and wherefores.

Kind regards to one and all. Damn fine to be back here on the guvfest, by the by. You and the fine folksters at vpsBible will be seeing more of me now :). At long last. Have some love.



(Cue the drums …)

WP 3 Ultimate Security: Press Release

WordPress 3 Ultimate Security, the first-ever book explaining in detail how to secure the popular blogging and content management platform, WordPress, has been released and already is clocking up impressive sales, both in e-book and hard copy formats. Here's the detail:-

Written for noobs and pros alike by Olly Connelly, aka the_guv on his guvnr.com and vpsBible.com websites and @the_guv on Twitter, and published by the technical house Packt Publishing, the book addresses not merely WordPress directly but tackles the myriad of ways that WordPress, its database and copyright content can be breached indirectly, via its wider network. As the author states in the work's Preface:-

“Most likely, today, some hacker tried to crack your WordPress site. Maybe that was some bored kid. Just as likely, it was an automated hit trying dozens of attacks to find a soft spot. Quite likely it was both.

“The threatscape is vast. Risk stretches from your keyboard, through and out the back of your local machine, buzzing around its network, maybe through your phone, into the router, hopping across your surfing, into the remote server, buzzing around that network and jumping all over WordPress.”

As such, WordPress 3 Ultimate Security doesn't simply expand upon those few, heavily-blogged, WordPress-specific security tips, but considers each and every potential breach of site and content security, detailing preventative measures from shoring up the local administrator's devices all the way through to layering defense in depth techniques on the server.

The book contains hundreds of external references to true-tested plugins, security wares and modules and to security and ethical hacking resources. It explains how safely to administer WordPress, for instance using HTTPS, SFTP and SSH or when using a shared terminal, café or wifi hotspot. It has chapters dedicated to copyright protection, to setting up a security policy, how properly to recover from disaster and how to evaluate a web host. Proactively, it even tutors readers with the hacker's methodology, and toolset, so as to uncover vulnerabilities by hacking ourselves, safely, before someone else does, maliciously.

“Your site is only as safe as its weakest local-to-remote link,” says Connelly. “This work is designed to address that, from A to Z and, frankly, while there's no silver bullet, we can reduce the risk of a successful attack from practically inevitable to practically zero.”


About the Author:

Olly Connelly (yeah, that's me) blogs at guvnr.com, polices WordPress security at wpCop.com and helps noobs build web servers at vpsBible.com, so if you've got sleeping problems you know where to come.


  1. the_guv  July 13, 2011

    “is there a reason to change my advice?”

    @Seth, that was 8 years ago. Eight years ago. EIGHT YEARS AGO!! Hey, even Windows has improved in that time 😛

    “high profile hacks of wordpress recently, even of themselves”

    The platform and its network, like any other, is not sufficiently hardened out of the box. It can be tamed. That’s what WordPress 3 Ultimate Security deals with, and it takes approaching 400 pages to tackle that. Some shared hosts are 1. crap and 2. like passing the buck, hence the recent high profile hacking news. WordPress.com was DDoS’ed and, as we know, there’s little ultimately that can be done about that.

    “Ever since then I’ve told everybody to avoid wordpress — is there a reason to change my advice?”

    Well, respectfully Seth, like I say, it was “A long time ago, in a galaxy far far away.” I think Facebook was still owned by its owners, Apple brought out upgrades worth buying and the average script kiddie was shitting a diaper.

    All that said, Seth, thanks for your input to Automattic … sincerely, utterly, unequivocally. Without tips such as from you, I’d be using Joomla! (Actually no, I’d be using MODx 🙂 )

  2. Seth Woolley  July 9, 2011

    Hey, I saw your blog on some ubuntu services google search and noticed that you’ve published a book on “ultimate security” of wordpress. I can’t help but smirk a little.

    I reported the very first vulnerability sets in wordpress back in October 2003 and they reintroduced most of the vulns 18 months later after significant rewriting (having learned nothing about how to code securely the first time I gave them an overview of what systematically needed fixing).

    Did they finally start taking security seriously? I’ve seen a few high profile hacks of wordpress recently, even of themselves.

    I mean that they reduced their (since at the time they had 256 distinct select invocations) SQL statements to abstracted prepare-statement interfaces and enforced code policies and provided well-documented plugin-writing guides and interfaces to avoid basic security issues? You know, taking basic security seriously?

    Ever since then I’ve told everybody to avoid wordpress — is there a reason to change my advice?
