Author: Olly Connelly
Pages: 408
Publisher: Packt Publishing
ISBN: 1849512108

Back in 2004, the company behind the then-popular blogging platform Movable Type shot itself in the foot by changing the license, prompting the majority of top users to select an alternative platform. Ever since then, WordPress has been thriving and has ultimately become one of the leading online publishing platforms. In fact, WordPress.com alone is home to more than 60 million hosted blogs.
WordPress is an open source project, and one of the major reasons for its popularity is its community, which has developed over 23,000 plugins. The diversity of these add-ons is impressive, but they also strongly impact the overall security of the installation.
If you host your blog on WordPress.com, security is not something you should worry about too much. But for those who don't, and who run WordPress themselves, it's important to keep up with the constant updates of both the core installation and the plugins.
Inside the book
This book has over 350 pages and, as the title says, aims to be the ultimate WordPress 3 security guide. The author built the book around the premise that a website is as safe as its weakest link.
I absolutely agree with this and was satisfied when the author started by explaining the risks, the likely threats and the ways of securing the system that will be used by the WordPress administrator.
Unfortunately, as the dialogue about the user's own computer security went on and on, I realized that he had focused too much on this - a mistake that he repeated when discussing the security of the server the blogging system is installed on.
I absolutely understand the need to provide background information that would be of interest to any WordPress administrator, but to tell you the truth, I expected more from a book titled "WordPress 3 Ultimate Security".
The security information provided - that is, the information about issues that are not directly connected to WordPress - is well organized, but it occupies most of the book.
Of the first 300 pages (appendixes start on page 313), barely 50 have something to do with security threats or the hardening of WordPress. Add to that the extra 20 pages from appendixes A and B (a list of information security plugins and a solid piece on WordPress disaster recovery), and... that's it!
Final thoughts
I think it's fair to say that 20 percent of the book dedicated to what should be the main thing is not nearly enough for a publication whose title contains the term "ultimate". Exchange that 20 percent about WordPress with the same amount of information about Joomla, phpBB or similar, and you could publish a book every month - but none of them would deserve the aforementioned term.
On the positive side, the content that is dedicated to WordPress hardening is very interesting and the author gives good tips that will definitely help you increase the security of your WordPress installation.