WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery
- Authors:
- Olly Connelly, Oliver W Connelly
- Pages:
- 408
- Available formats:
- PDF, ePub, Mobi
Ebook description:
WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some 10 Tips ... guide. It's ultimate protection – because that's what you need.
Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid!
The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable.
Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.
Ebook details
- Original title:
- WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery.
- Ebook ISBN:
- 978-18-495-1211-4, 9781849512114
- Ebook release date:
- 2011-06-13. The ebook release date is often the day the title went on sale and may not match the release date of the print edition.
- Publication language:
- English
- PDF file size:
- 4.5MB
- ePub file size:
- 5.3MB
- Mobi file size:
- 8.1MB
Ebook table of contents
- WordPress 3 Ultimate Security
- Table of Contents
- Credits
- About the Author
- Acknowledgement
- About the Reviewers
- www.PacktPub.com
- Support files, eBooks, discount offers and more
- Why Subscribe?
- Free Access for Packt account holders
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the example code
- Errata
- Piracy
- Questions
- 1. So What's the Risk?
- Calculated risk
- An overview of our risk
- Meet the hackers
- White hat
- Black hat
- Botnets
- Cybercriminals
- Hacktivists
- Scrapers
- Script kiddies
- Spammers
- Misfits
- Grey hat
- Hackers and crackers
- Physically hacked off
- Social engineering
- Phone calls
- Walk-ins
- Enticing URLs
- Phishing
- Social networking (and so on)
- Protecting against social engineering
- Weighing up Windows, Linux, and Mac OS X
- The deny-by-default permission model
- The open source advantage
- System security summary
- Malwares dissected
- Blended threats
- Crimeware
- Data loggers
- At loggerheads with the loggers
- Hoax virus
- Rootkits
- Spyware
- Trojan horses
- Viruses
- Worms
- Zero day
- World wide worry
- Old browser (and other app) versions
- Unencrypted traffic
- Dodgy sites, social engineering, and phish food
- Infected public PCs
- Sniffing out problems with wireless
- Wireless hotspots
- Evil twins
- Ground zero
- Overall risk to the site and server
- Physical server vulnerabilities
- Open ports with vulnerable services
- Access and authentication issues
- Buffer overflow attacks
- Intercepting data with man-in-the-middle attacks
- Cracking authentication with password attacks
- The many dangers of cross-site scripting (XSS)
- Assorted threats with cross-site request forgery (CSRF)
- Accessible round-up
- Lazy site and server administration
- Vulnerable versions
- Redundant files
- Privilege escalation and jailbreak opportunities
- Unchecked information leak
- Directory traversal attacks
- Content theft, SEO pillaging, and spam defacement
- Scraping and media hotlinking
- Damn spam, rants, and heart attacks
- Summary
- 2. Hack or Be Hacked
- Introducing the hacker's methodology
- Reconnaissance
- Scanning
- Gain access
- Secure access
- Cover tracks
- Ethical hacking vs. doing time
- The reconnaissance phase
- What to look for
- How to look for it
- Google hacking
- Sites and links
- Finding files
- Keyword scanning
- Phone numbers
- More on Google hacking
- Scouting-assistive applications
- Hacking Google hacking with SiteDigger
- WHOIS whacking
- Demystifying DNS
- Resolving a web address
- Domain name security
- The scanning phase
- Mapping out the network
- Nmap: the Network Mapper
- Using ping sweeps to map out a network
- Checking for open ports on a network device
- Checking for vulnerable services on a network device
- Secondary scanners
- Scanning for server vulnerabilities
- Nessus
- Creating policies with Nessus
- Assessing problems
- OpenVAS
- GFI Languard
- Qualys
- NeXpose and Metasploit
- Scanning for web vulnerabilities
- Wikto
- Paros Proxy
- HackerTarget
- Alternative tools
- Hack packs
- Summary
- 3. Securing the Local Box
- Breaking Windows: considering alternatives
- Windows security services
- Security or Action Center
- Windows Firewall
- Windows Update
- Internet Options
- Windows Defender
- User Account Control
- Configuring UAC in Vista
- Configuring UAC in Windows 7
- Disabling UAC at the registry (Vista and 7)
- UAC problems with Vista Home and Premium
- Proactive about anti-malware
- The reactionary old guard: detection
- Regular antivirus scanners
- Signature-based
- Heuristics-based
- The proactive new guard: prevention
- HIPS and behavior scanning
- HIPS vs behavior scanners
- Sandbox isolation
- The almost perfect anti-malware solution
- Comodo Internet Security (CIS)
- Comodo Firewall
- Comodo Antivirus
- Scanning by signature
- Scanning by heuristics
- Comodo Defense+ (HIPS) and sandbox
- Pick 'n mix anti-malware modules
- Firewall with ZoneAlarm
- Antivirus with Avira AntiVir
- HIPS + sandbox + firewall with DefenseWall
- Behavior scanning with ThreatFire
- Updating ThreatFire
- Sensitivity Level
- System Activity Monitor
- Multiple sandboxes with Sandboxie
- Advanced sandboxing (and more) with virtual machines
- Rootkit detection with GMER and RootRepeal
- Malware cleaning with Malwarebytes
- Anti-malware product summary
- Prevention models and user commitment
- Windows user accounts
- XP user accounts
- Vista and Windows 7 user accounts
- Managing passwords and sensitive data
- Proper passphrase policy
- Password and data managers
- Web browser data managers
- Future-proofed data management
- Why LastPass?
- Setting up LastPass
- Installing LastPass
- Using LastPass
- Bolstering LastPass security
- LastPass multi-factor authentication
- Virtual keyboard
- One time passwords
- Grid system
- YubiKey support
- Sesame authentication
- Passed out? That's it!
- Securing data and backup solutions
- Have separate data drives
- Encrypting hard drives
- Automated incremental backup
- Registry backup
- Programming a safer system
- Patching the system and programs
- Binning unwanted software
- Disabling clutter and risky Windows services
- Disabling XP's Simple File Sharing
- Summary
- 4. Surf Safe
- Look (out), no wires
- Alt: physical cable connection
- The wireless management utility
- Securing wireless
- Router password
- Changing the SSID
- Hiding the SSID
- WEP vs. WPA vs. WPA2
- WPA2 with AES
- AES vs. TKIP
- Wireless authentication key
- Optional: MAC address filtering
- Summing up wireless
- Network security re-routed
- Swapping firmware
- Using public computers it can be done
- Booting a Preinstalled Environment (PE)
- Secure your browsing
- Online applications
- Portable applications
- Advanced data management and authentication
- Covering your tracks
- Checking external media
- Hotspotting Wi-Fi
- Hardening the firewall
- Quit sharing
- Disabling automatic network detection
- Alternative document storage
- Encrypted tunnelling with a Virtual Private Network
- E-mailing clients and webmail
- Remote webmail clients (and other web applications)
- Encrypted webmail
- Checking your encryption type
- Better webmail solutions
- Logging out
- Local software clients
- Keeping the client updated
- Instant scanning
- Sandboxing clients
- Local and remote clients
- Plain text or HTML
- E-mail encryption and digital signatures with PGP
- Encrypting attachments with compression utilities
- Your e-mail addresses
- Don't become phish food
- Beware of spoof addresses
- Damn spam
- SpamAssassin Trainer
- Browsers, don't lose your trousers
- Latest versions
- Internet Explorer (IE)
- Isolating older browsers
- Browsers and security
- Chrome's USPs (for good and very bad)
- Chrome outfoxed
- Firefox security settings
- The password manager
- Extending security
- Ad and cookie cullers
- AdBlock Plus *
- Beef Taco *
- BetterPrivacy *
- Ghostery
- Ad Hacker
- FEBE *
- LastPass *
- Locationbar2
- Lock The Text
- Anti-scripting attacks
- NoScript *
- RequestPolicy
- SSL certificate checks
- Certificate Patrol *
- Perspectives *
- Web of Trust (WOT) *
- Anonymous browsing
- Locally private browsing
- Online private browsing
- Anonymous proxy server
- Chained proxies
- SSL proxies and Virtual Private Networks (VPNs)
- Corporate and private VPNs
- Private SOCKS proxy with SSH
- Networking, friending, and info leak
- Third party apps and short links
- Summary
- 5. Login Lock-Down
- Sizing up connection options
- Protocol soup
- WordPress administration with SSL
- SSL for shared hosts
- Shared, server-wide certificates
- Letting WordPress know
- Logging in
- Dedicated, domain-specific certificates
- Dedicated IP
- Obtaining signed certificates
- Setting up a signed certificate
- SSL for VPS and dedicated servers
- Creating a self-signed certificate
- Generating the files
- Required Apache modules
- Configuring the virtual host file
- Alerting WordPress and activating SSL
- Using a signed certificate
- Testing SSL and insecure pages
- SSL reference
- SSL and login plugins
- Locking down indirect access
- Server login
- Hushing it up with SSH
- Shared hosting SSH request
- Setting up the terminal locally
- Linux or Mac locally
- Windows locally
- Setting up Tunnelier
- Securing the terminal
- Creating keys: Linux or Mac locally
- Creating keys: Windows locally
- Uploading keys
- Using keys from multiple machines
- SFTP not FTP
- SFTP from the command line
- SFTP using S/FTP clients
- Connecting up a client
- phpMyAdmin login
- Safer database administration
- Control panel login
- Apache modules
- IP deny with mod_access
- What is my IP?
- IP spoofing
- Password protect directories
- cPanel's Password Protect Directories
- Authentication with mod_auth
- The htaccess file
- A quick shout out to htaccess, bless
- The passwd file
- Creating and editing password files
- Creating group membership
- Basically, it's basic
- Better passwords with mod_auth_digest
- Easily digestible groups
- More authentication methods
- mod_auth_db and mod_auth_dbm
- mod_auth_mysql
- mod_auth_pg95
- Yet more authentication methods
- Summary
- 6. 10 Must-Do WordPress Tasks
- Locking it down
- Backing up the lot
- Prioritizing backup
- Full, incremental and differential
- How and where to backup
- Backing up db + files on the web server
- Backing up db + files by your web host
- Backing up db to (web)mail
- Backing up db and/or files to cloud storage
- SMEStorage Multi-Cloud WordPress Backup
- Automatic WordPress Backup
- Updraft
- BackWPup
- VaultPress
- Un-clouding the issue
- Backing up files for local Windows users
- Installing Cobian as a service
- Setting up Tunnelier's FTP-to-SFTP bridge
- Setting up the bridge
- Saving your profile
- Creating the batch files
- Testing your batch files
- Setting up your first Cobian Backup task
- Hooking Tunnelier into Cobian
- Opening the bridge
- Testing the ruddy thing
- Backing up a database to local machines
- Dumping the data from a database
- Cron the script
- Grabbing the data dump for Windows locally
- Flushing the dump
- Files and db backup for local Mac 'n Linux users
- Full backup to local
- Full backup remote to remote
- Incremental backups to local
- Incremental remote-to-remote
- Backing up backup!
- Updating shrewdly
- Think, research, update
- Dry run updates
- Updating plugins, widgets and other code
- The new update panel
- Neutering the admin account
- The problem with admin
- Deleting admin
- OK, don't delete admin!
- Creating privileged accounts
- Private account names and nicknames
- Least privilege users
- Custom roles
- Denying subscriptions
- Correcting permissions creep
- Pruning permissions at the terminal
- Restyling perms with a control panel
- 777 permissions
- wp-config.php permissions
- Hiding the WordPress version
- Binning the readme
- Cloaking the login page and the version
- Silver bullets won't fly
- Nuking the wp_ tables prefix
- Backing up the database
- Automated prefix change
- Manual prefix change
- Installing WordPress afresh
- Setting up secret keys
- Denying access to wp-config.php
- Hardening wp-content and wp-includes
- Extra rules for wp-include's htaccess
- Extra rules for wp-content's htaccess
- Summary
- 7. Galvanizing WordPress
- Fast installs with Fantastico ... but is it?
- Considering a local development server
- Using a virtual machine
- Added protection for wp-config.php
- Moving wp-config.php above the WordPress root
- Less value for non-root installations
- WordPress security by ultimate obscurity
- Just get on with it
- Introducing remove_actions
- Blog client references
- Feed references
- Relational links
- Linking relationships thingy
- Stylesheet location
- Renaming and migrating wp-content
- The problem with plugins
- The other problem with plugins
- Yet another problem with those pesky plugins
- Default jQuery files
- Themes and things
- "Just another WordPress blog"
- Ultimate security by obscurity: worth it?
- Revisiting the htaccess file
- Blocking comment spam
- Limiting file upload size
- Hotlink protection
- Protecting files
- Hiding the server signature
- Protecting the htaccess file
- Hiding htaccess files
- Ensuring correct permissions
- Adding a deny rule
- Good bot, bad bot
- Bot what?
- Good bot
- Bad bot
- Bots blitzkrieg
- Snaring the bots
- Short circuiting bots with htaccess
- Bots to trot
- The Perishable Press 4G Blacklist
- Honey pots
- Project Honey Pot
- CloudFlare
- Bad Behavior
- Perishable Press Blackhole for bad bots
- Setting up an antimalware suite
- Firewall
- AntiVirus
- More login safeguards
- Limit Login Attempts
- Scuttle log-in errors
- Concerning code
- Deleting redundant code
- Scrutinize widgets, plugins and third party code
- Ditto for themes
- Running malware scans and checking compatibility
- Routing rogue plugins
- Hiding your files
- Summary
- 8. Containing Content
- Abused, fair use and user-friendly
- Scraping and swearing
- The problem with scrapers
- Fair play to fair use
- Extending knowledge, generally with non-commercial intent
- The public interest
- The amount and value of the extracted material
- The effect on the current and future worth of the original content
- Illegality vs. benefit
- A nice problem to have (or better still to manage)
- Sharing and collaboration
- Sack lawyers, employ creative commons
- Site and feed licensing
- Protecting content
- Pre-emptive defense
- Backlink bar none
- Tweaking the title
- Linking lead content
- Reasserting with reference
- Binning the bots
- Coining a copyright notice
- Fielding your feeds
- Adding a digi-print footer
- Showing only summaries
- Preventing media hotlinks
- Refusing right-clicks
- Watermarking your media
- Reactive response
- Seeking out scrapers
- Investigating the Dashboard
- Incoming links
- Trackbacks
- Investigating the site and server log
- Online investigation
- Searching with Google
- Don't bother with Google Blogs
- Using Google Alerts
- Copyscape
- Feedburner's Uncommon Uses
- Plagium
- TinEye
- Pinpointing scrapers
- Run a WHOIS search
- Tackling offenders
- The cordial approach
- The DMCA approach
- The jugular approach
- The legal approach
- Finding the abuse department
- Summary
- 9. Serving Up Security
- .com blogs vs .org sites
- Host type analysis
- Choices choices ...
- Querying support and community
- Questions to ask hosting providers
- Control panels and terminals
- Safe server access
- Understanding the terminal
- Elevating to superuser permissions
- Setting up a panel
- Managing unmanaged with Webmin
- Installing Webmin
- Securing Webmin
- Users, permissions, and dangers
- Files and users
- Ownership and permissions
- Translating symbolic to octal notation
- Using change mode to modify permissions
- WordPress permissions
- Permissions case study: super-tight wp-config.php
- Using change owner to modify ownership
- Owning your files
- Sniffing out dangerous permissions
- Suspect hidden files and directories
- Protecting world-writable files
- Scrutinising SUID and SGID files (aka SxID files)
- Keeping track of changes with SXID
- Cronning SXID
- System users
- Shared human accounts
- Administrative accounts
- Deleting user accounts
- Home directory permissions
- User access
- Non-human accounts
- Repositories, packages, and integrity
- Verifying genuine software
- MD5 checksums
- GnuPG cryptographic signatures
- Tracking suspect activity with logs
- Reading the Common Log Format (CLF)
- What visitor
- What file
- From where
- What client
- Exercising the logged data
- Chicken and egg with logging plugins
- Legwork for access logs
- Logs and hosting types
- Checking the authorization log
- Securing and parsing logs
- Enabling logs
- Dynamic logs
- Off-site logging
- Log permissions
- Summary
- 10. Solidifying Unmanaged
- Hardening the Secure Shell
- Protocol 2
- Port 22
- PermitRootLogin yes
- PasswordAuthentication yes
- AllowUsers USERNAME
- Reloading SSH
- chrooted SFTP access with OpenSSH
- Binning the FTP service and firewalling the port
- Providing a secure workspace
- Deleting users safely
- PHP's .ini mini guide
- Locating your configuration options
- Making .ini a meany
- open_basedir
- Patching PHP with Suhosin
- Installing Suhosin
- Isolating risk with SuPHP
- Installing SuPHP
- Alternatives to SuPHP
- Containing MySQL databases
- Checking for empty passwords
- Deleting the test database
- Remote db connections with an SSH tunnel
- phpMyAdmin: friend or foe?
- Did we mention backup?
- Bricking up the doors
- Ports 101
- Fired up on firewalls
- Bog-standard iptables firewall
- Adding the firewall to the network
- Quitting superuser
- Reference for iptables
- Enhancing usability with CSF
- Installing CSF
- CSF as a control panel module
- Setting up the firewall
- Error on stopping the firewall
- CSF from the command line
- Using CSF to scan for system vulnerabilities
- Service or disservice?
- Researching services with Netstat
- Preparing to remove services
- Researching services
- inetd and xinetd super-servers
- Service watch
- Disabling services using a service manager
- Using sysv-rc-conf
- Deleting unsafe services with harden-servers
- Closing the port
- Gatekeeping with TCP wrappers
- Stockier network stack
- Summary
- 11. Defense in Depth
- Hardening the kernel with grsecurity
- Growling quietly with greater security
- Controlling user access with RBAC
- Second-tier access control
- Training the RBAC system with Gradm
- Memory protection with PaX
- The multi-layered protection model
- Debian grsecurity from repositories
- Compiling grsecurity into a kernel
- Matching the kernel and grsecurity packages
- Exporting the version numbers
- Verifying the package downloads
- Patching the kernel
- Xen VPS configuration part 1
- Configuring the kernel
- grsecurity levels
- Kernel level chroot hardening
- Properly implemented?
- grsecurity and chroot
- Using Sysctl support to maximize security settings
- Options galore
- The kernel executable
- Xen VPS configuration part 2
- Booting and checking the kernel
- Installing Gradm
- Integrity, logs, and alerts with OSSEC
- Obtaining and verifying the source
- The installation process
- What kind of installation (server, agent, local, or help)?
- Choosing where to install the OSSEC HIDS [/var/ossec]
- Configuring the OSSEC HIDS
- Do you want to add more IPs to the white list?
- Setting the configuration to analyze the following logs
- Using OSSEC
- Updating OSSEC
- Easing analysis with a GUI
- OSSEC-WUI
- Splunk
- Slamming backdoors and rootkits
- (D)DoS protection with mod_evasive
- Sniffing out malformed packets with Snort
- Installing the packages
- Snort's installation options
- Specifying the network
- Point to the database
- Ruby on Rails dependencies
- Creating the web interface
- Creating a sub-domain using an A record
- Setting up the virtual host file
- Creating the database
- Deploying Ruby on Rails with Passenger
- Enabling everything
- Browsing to Snorby
- Hacking yourself
- Configuring the network
- Updating Snort's rule-base
- Sourcefire Vulnerability Research Team (VRT)
- Emerging Threats
- Firewalling the web with ModSecurity
- Installing mod-security, the Apache module
- Applying a ruleset
- Enabling CRS and logging
- Tuning your ruleset
- Rulesets and WordPress
- Updating rulesets
- ModSecurity resources
- Summary
- A. Plugins for Paranoia
- Anti-malware
- Backup
- Content
- Login
- Spam
- SSL
- Users
- B. Don't Panic! Disaster Recovery
- Diagnosis vs. downtime
- Securing your users
- Considering maintenance mode
- Using a plugin
- Using a rewrite rule
- Local problems
- Server and file problems
- WordPress problems
- Incompatible plugins
- Injected plugins
- Widgets, third party code and theme problems
- Fun 'n' frolics with files
- Scrutinizing file changes
- Remote file comparison
- Local file comparison
- Deep file scanning
- Verifying uploads and shared areas
- Checking htaccess files
- Pruning hidden users
- Reinstalling WordPress
- Some provisos
- Upload WordPress and plugins
- Importing a database backup
- Editing wp-config-sample.php
- Setting least privileges
- Sending the clean platform live
- Changing your passwords
- Checking your search engine results pages
- Revisiting WordPress security
- C. Security Policy
- Security policy for somesite.com
- Aim
- Goals
- Somesite.com
- Personal Computers
- Server
- Roles and responsibilities
- Security Manager (SM)
- System Administrator
- Site Administrator
- Site Editors
- Other roles
- Network assets
- PCs and media
- Routing gear
- Server
- Website assets
- Backup
- Code updates
- Database
- Domain
- Further policy considerations
- D. Essential Reference
- WordPress 3 Ultimate Security
- Bloggers and zines
- 2600: The Hacker Quarterly
- CGISecurity
- Darknet
- Dark Reading
- ha.ckers
- KrebsonSecurity
- Jeremiah Grossman
- Phrack Magazine
- Forums
- hack in the box
- sla.ckers
- WindowSecurity
- Hacking education
- Go Hacking
- HackThisSite
- Hellbound Hackers
- OWASP WebGoat Project
- We Chall
- YouTube
- Linux
- Linux Online
- Linux Journal
- YoLinux
- Macs and Windows
- Apple Product Security
- Microsoft Security
- Organizations
- OWASP
- SANS
- SecurityFocus
- WASC
- Wikipedia
- Penetration testing
- ISECOM's OSSTM
- OWASP Testing Guide
- Server-side core documents
- Apache HTTP Server Version 2.2 Documentation
- Apache: Module Index
- MySQL: Security
- PHP: Security
- Toolkits
- SecTools.Org
- TREACHERY UNLIMITED
- WASC Web Application Security Scanner List
- Web browsers
- Chrome
- Firefox
- Internet Explorer
- Opera
- Safari
- Browser Security Handbook
- WordPress
- Forums
- .com support
- Codex
- News
- Planet
- Development updates
- Trac
- Reporting Bugs
- Security issues
- Plugin Repository Trac
- Plugins and themes
- Plugins and themes source
- Kvetch!
- IRC
- Mailing lists
- Non-official support
- LinkedIn WordPress group
- WordPress forums
- WordPress Tavern
- Index