WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery - Helion
ebook
Autor: Olly Connelly, Oliver W ConnellyTytuł oryginału: WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery.
ISBN: 9781849512114
stron: 408, Format: ebook
Data wydania: 2011-06-13
Księgarnia: Helion
Cena książki: 159,00 zł
Most likely – today – some hacker tried to crack your WordPress site, its data and content – maybe once but, with automated tools, very likely dozens or hundreds of times. There's no silver bullet but if you want to cut the odds of a successful attack from practically inevitable to practically zero, read this book.
WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some "10 Tips ..." guide. It's ultimate protection – because that's what you need.
Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid!
The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable.
Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.
Osoby które kupowały "WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery", wybierały także:
- Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
- Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
- DevOps w praktyce. Kurs video. Jenkins, Ansible, Terraform i Docker 190,00 zł, (39,90 zł -79%)
- Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
- Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)
Spis treści
WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery eBook -- spis treści
- WordPress 3 Ultimate Security
- Table of Contents
- WordPress 3 Ultimate Security
- Credits
- About the Author
- Acknowledgement
- About the Reviewers
- www.PacktPub.com
- Support files, eBooks, discount offers and more
- Why Subscribe?
- Free Access for Packt account holders
- Support files, eBooks, discount offers and more
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the example code
- Errata
- Piracy
- Questions
- 1. So Whats the Risk?
- Calculated risk
- An overview of our risk
- Meet the hackers
- White hat
- Black hat
- Botnets
- Cybercriminals
- Hacktivists
- Scrapers
- Script kiddies
- Spammers
- Misfits
- Grey hat
- Hackers and crackers
- Physically hacked off
- Social engineering
- Phone calls
- Walk-ins
- Enticing URLs
- Phishing
- Social networking (and so on)
- Protecting against social engineering
- Weighing up Windows, Linux, and Mac OS X
- The deny-by-default permission model
- The open source advantage
- System security summary
- Malwares dissected
- Blended threats
- Crimeware
- Data loggers
- At loggerheads with the loggers
- Hoax virus
- Rootkits
- Spyware
- Trojan horses
- Viruses
- Worms
- Zero day
- World wide worry
- Old browser (and other app) versions
- Unencrypted traffic
- Dodgy sites, social engineering, and phish food
- Infected public PCs
- Sniffing out problems with wireless
- Wireless hotspots
- Evil twins
- Ground zero
- Overall risk to the site and server
- Physical server vulnerabilities
- Open ports with vulnerable services
- Access and authentication issues
- Buffer overflow attacks
- Intercepting data with man-in-the-middle attacks
- Cracking authentication with password attacks
- The many dangers of cross-site scripting (XSS)
- Assorted threats with cross-site request forgery (CSRF)
- Accessible round-up
- Lazy site and server administration
- Vulnerable versions
- Redundant files
- Privilege escalation and jailbreak opportunities
- Unchecked information leak
- Directory traversal attacks
- Content theft, SEO pillaging, and spam defacement
- Scraping and media hotlinking
- Damn spam, rants, and heart attacks
- Summary
- 2. Hack or Be Hacked
- Introducing the hacker's methodology
- Reconnaissance
- Scanning
- Gain access
- Secure access
- Cover tracks
- Ethical hacking vs. doing time
- The reconnaissance phase
- What to look for
- How to look for it
- Google hacking
- Sites and links
- Finding files
- Keyword scanning
- Phone numbers
- More on Google hacking
- Google hacking
- Scouting-assistive applications
- Hacking Google hacking with SiteDigger
- WHOIS whacking
- Demystifying DNS
- Resolving a web address
- Domain name security
- The scanning phase
- Mapping out the network
- Nmap: the Network Mapper
- Using ping sweeps to map out a network
- Checking for open ports on a network device
- Checking for vulnerable services on a network device
- Secondary scanners
- Nmap: the Network Mapper
- Scanning for server vulnerabilities
- Nessus
- Creating policies with Nessus
- Assessing problems
- OpenVAS
- GFI Languard
- Qualys
- NeXpose and Metasploit
- Nessus
- Scanning for web vulnerabilities
- Wikto
- Paros Proxy
- HackerTarget
- Alternative tools
- Hack packs
- Mapping out the network
- Summary
- Introducing the hacker's methodology
- 3. Securing the Local Box
- Breaking Windows: considering alternatives
- Windows security services
- Security or Action Center
- Windows Firewall
- Windows Update
- Internet Options
- Windows Defender
- User Account Control
- Configuring UAC in Vista
- Configuring UAC in Windows 7
- Disabling UAC at the registry (Vista and 7)
- UAC problems with Vista Home and Premium
- Proactive about anti-malware
- The reactionary old guard: detection
- Regular antivirus scanners
- Signature-based
- Heuristics-based
- Regular antivirus scanners
- The proactive new guard: prevention
- HIPS and behavior scanning
- HIPS vs behavior scanners
- Sandbox isolation
- The reactionary old guard: detection
- The almost perfect anti-malware solution
- Comodo Internet Security (CIS)
- Comodo Firewall
- Comodo Antivirus
- Scanning by signature
- Scanning by heuristics
- Comodo Defense+ (HIPS) and sandbox
- Pick 'n mix anti-malware modules
- Firewall with ZoneAlarm
- Antivirus with Avira AntiVir
- HIPS + sandbox + firewall with DefenseWall
- Behavior scanning with ThreatFire
- Updating ThreatFire
- Sensitivity Level
- System Activity Monitor
- Multiple sandboxes with Sandboxie
- Advanced sandboxing (and more) with virtual machines
- Rootkit detection with GMER and RootRepeal
- Malware cleaning with Malwarebytes
- Anti-malware product summary
- Prevention models and user commitment
- Comodo Internet Security (CIS)
- Windows user accounts
- XP user accounts
- Vista and Windows 7 user accounts
- Managing passwords and sensitive data
- Proper passphrase policy
- Password and data managers
- Web browser data managers
- Future-proofed data management
- Why LastPass?
- Setting up LastPass
- Installing LastPass
- Using LastPass
- Bolstering LastPass security
- LastPass multi-factor authentication
- Virtual keyboard
- One time passwords
- Grid system
- YubiKey support
- Sesame authentication
- Passed out? That's it!
- Securing data and backup solutions
- Have separate data drives
- Encrypting hard drives
- Automated incremental backup
- Registry backup
- Programming a safer system
- Patching the system and programs
- Binning unwanted software
- Disabling clutter and risky Windows services
- Disabling XP's Simple File Sharing
- Summary
- 4. Surf Safe
- Look (out), no wires
- Alt: physical cable connection
- The wireless management utility
- Securing wireless
- Router password
- Changing the SSID
- Hiding the SSID
- WEP vs. WPA vs. WPA2
- WPA2 with AES
- AES vs. TKIP
- Wireless authentication key
- Optional: MAC address filtering
- Summing up wireless
- Network security re-routed
- Swapping firmware
- Using public computers it can be done
- Booting a Preinstalled Environment (PE)
- Secure your browsing
- Online applications
- Portable applications
- Advanced data management and authentication
- Covering your tracks
- Checking external media
- Hotspotting Wi-Fi
- Hardening the firewall
- Quit sharing
- Disabling automatic network detection
- Alternative document storage
- Encrypted tunnelling with a Virtual Private Network
- E-mailing clients and webmail
- Remote webmail clients (and other web applications)
- Encrypted webmail
- Checking your encryption type
- Better webmail solutions
- Logging out
- Local software clients
- Keeping the client updated
- Instant scanning
- Sandboxing clients
- Local and remote clients
- Plain text or HTML
- E-mail encryption and digital signatures with PGP
- Encrypting attachments with compression utilities
- Your e-mail addresses
- Don't become phish food
- Beware of spoof addresses
- Damn spam
- SpamAssassin Trainer
- Remote webmail clients (and other web applications)
- Browsers, don't lose your trousers
- Latest versions
- Internet Explorer (IE)
- Isolating older browsers
- Browsers and security
- Chrome's USPs (for good and very bad)
- Chrome outfoxed
- Firefox security settings
- The password manager
- Extending security
- Ad and cookie cullers
- AdBlock Plus *
- Beef Taco *
- BetterPrivacy *
- Ghostery
- Ad Hacker
- FEBE *
- LastPass *
- Locationbar2
- Lock The Text
- Anti-scripting attacks
- NoScript *
- RequestPolicy
- SSL certificate checks
- Certificate Patrol *
- Perspectives *
- Web of Trust (WOT) *
- Ad and cookie cullers
- Anonymous browsing
- Locally private browsing
- Online private browsing
- Anonymous proxy server
- Chained proxies
- SSL proxies and Virtual Private Networks (VPNs)
- Corporate and private VPNs
- Private SOCKS proxy with SSH
- Networking, friending, and info leak
- Third party apps and short links
- Summary
- Look (out), no wires
- 5. Login Lock-Down
- Sizing up connection options
- Protocol soup
- WordPress administration with SSL
- SSL for shared hosts
- Shared, server-wide certificates
- Letting WordPress know
- Logging in
- Dedicated, domain-specific certificates
- Dedicated IP
- Obtaining signed certificates
- Setting up a signed certificate
- Shared, server-wide certificates
- SSL for VPS and dedicated servers
- Creating a self-signed certificate
- Generating the files
- Required Apache modules
- Configuring the virtual host file
- Alerting WordPress and activating SSL
- Using a signed certificate
- Creating a self-signed certificate
- Testing SSL and insecure pages
- SSL reference
- SSL for shared hosts
- SSL and login plugins
- Locking down indirect access
- Server login
- Hushing it up with SSH
- Shared hosting SSH request
- Setting up the terminal locally
- Linux or Mac locally
- Windows locally
- Setting up Tunnelier
- Securing the terminal
- Creating keys: Linux or Mac locally
- Creating keys: Windows locally
- Uploading keys
- Using keys from multiple machines
- SFTP not FTP
- SFTP from the command line
- SFTP using S/FTP clients
- Connecting up a client
- phpMyAdmin login
- Safer database administration
- Control panel login
- Server login
- Apache modules
- IP deny with mod_access
- What is my IP?
- IP spoofing
- Password protect directories
- cPanel's Password Protect Directories
- Authentication with mod_auth
- The htaccess file
- A quick shout out to htaccess, bless
- The passwd file
- Creating and editing password files
- Creating group membership
- Basically, it's basic
- The htaccess file
- Better passwords with mod_auth_digest
- Easily digestible groups
- More authentication methods
- mod_auth_db and mod_auth_dbm
- mod_auth_mysql
- mod_auth_pg95
- Yet more authentication methods
- IP deny with mod_access
- Summary
- Sizing up connection options
- 6. 10 Must-Do WordPress Tasks
- Locking it down
- Backing up the lot
- Prioritizing backup
- Full, incremental and differential
- How and where to backup
- Backing up db + files on the web server
- Backing up db + files by your web host
- Backing up db to (web)mail
- Backing up db and/or files to cloud storage
- SMEStorage Multi-Cloud WordPress Backup
- Automatic WordPress Backup
- Updraft
- BackWPup
- VaultPress
- Un-clouding the issue
- Backing up files for local Windows users
- Installing Cobian as a service
- Setting up Tunnelier's FTP-to-SFTP bridge
- Setting up the bridge
- Saving your profile
- Creating the batch files
- Testing your batch files
- Setting up your first Cobian Backup task
- Hooking Tunnelier into Cobian
- Opening the bridge
- Testing the ruddy thing
- Backing up a database to local machines
- Dumping the data from a database
- Cron the script
- Grabbing the data dump for Windows locally
- Flushing the dump
- Files and db backup for local Mac 'n Linux users
- Full backup to local
- Full backup remote to remote
- Incremental backups to local
- Incremental remote-to-remote
- Backing up backup!
- Updating shrewdly
- Think, research, update
- Dry run updates
- Updating plugins, widgets and other code
- The new update panel
- Neutering the admin account
- The problem with admin
- Deleting admin
- OK, don't delete admin!
- Creating privileged accounts
- Private account names and nicknames
- Least privilege users
- Custom roles
- Denying subscriptions
- Correcting permissions creep
- Pruning permissions at the terminal
- Restyling perms with a control panel
- 777 permissions
- wp-config.php permissions
- Hiding the WordPress version
- Binning the readme
- Cloaking the login page and the version
- Silver bullets won't fly
- Nuking the wp_ tables prefix
- Backing up the database
- Automated prefix change
- Manual prefix change
- Installing WordPress afresh
- Setting up secret keys
- Denying access to wp-config.php
- Hardening wp-content and wp-includes
- Extra rules for wp-include's htaccess
- Extra rules for wp-content's htaccess
- Summary
- 7. Galvanizing WordPress
- Fast installs with Fantastico ... but is it?
- Considering a local development server
- Using a virtual machine
- Added protection for wp-config.php
- Moving wp-config.php above the WordPress root
- Less value for non-root installations
- Moving wp-config.php above the WordPress root
- WordPress security by ultimate obscurity
- Just get on with it
- Introducing remove_actions
- Blog client references
- Feed references
- Relational links
- Linking relationships thingy
- Stylesheet location
- Renaming and migrating wp-content
- The problem with plugins
- The other problem with plugins
- Yet another problem with those pesky plugins
- Default jQuery files
- Themes and things
- "Just another WordPress blog"
- Ultimate security by obscurity: worth it?
- Revisiting the htaccess file
- Blocking comment spam
- Limiting file upload size
- Hotlink protection
- Protecting files
- Hiding the server signature
- Protecting the htaccess file
- Hiding htaccess files
- Ensuring correct permissions
- Adding a deny rule
- Good bot, bad bot
- Bot what?
- Good bot
- Bad bot
- Bots blitzkrieg
- Snaring the bots
- Short circuiting bots with htaccess
- Bots to trot
- The Perishable Press 4G Blacklist
- Honey pots
- Project Honey Pot
- CloudFlare
- Bad Behavior
- Perishable Press Blackhole for bad bots
- Setting up an antimalware suite
- Firewall
- AntiVirus
- More login safeguards
- Limit Login Attempts
- Scuttle log-in errors
- Concerning code
- Deleting redundant code
- Scrutinize widgets, plugins and third party code
- Ditto for themes
- Running malware scans and checking compatibility
- Routing rogue plugins
- Hiding your files
- Summary
- 8. Containing Content
- Abused, fair use and user-friendly
- Scraping and swearing
- The problem with scrapers
- Fair play to fair use
- Extending knowledge, generally with non-commercial intent
- The public interest
- The amount and value of the extracted material
- The effect on the current and future worth of the original content
- Scraping and swearing
- Illegality vs. benefit
- A nice problem to have (or better still to manage)
- Sharing and collaboration
- Sack lawyers, employ creative commons
- Site and feed licensing
- Protecting content
- Pre-emptive defense
- Backlink bar none
- Tweaking the title
- Linking lead content
- Reasserting with reference
- Binning the bots
- Coining a copyright notice
- Fielding your feeds
- Adding a digi-print footer
- Showing only summaries
- Preventing media hotlinks
- Refusing right-clicks
- Watermarking your media
- Backlink bar none
- Reactive response
- Seeking out scrapers
- Investigating the Dashboard
- Incoming links
- Trackbacks
- Investigating the site and server log
- Online investigation
- Searching with Google
- Don't bother with Google Blogs
- Using Google Alerts
- Copyscape
- Feedburner's Uncommon Uses
- Plagium
- TinEye
- Pinpointing scrapers
- Run a WHOIS search
- Investigating the Dashboard
- Seeking out scrapers
- Tackling offenders
- The cordial approach
- The DMCA approach
- The jugular approach
- The legal approach
- Finding the abuse department
- Summary
- Abused, fair use and user-friendly
- 9. Serving Up Security
- .com blogs vs .org sites
- Host type analysis
- Choices choices ...
- Querying support and community
- Questions to ask hosting providers
- Control panels and terminals
- Safe server access
- Understanding the terminal
- Elevating to superuser permissions
- Setting up a panel
- Managing unmanaged with Webmin
- Installing Webmin
- Securing Webmin
- Users, permissions, and dangers
- Files and users
- Ownership and permissions
- Translating symbolic to octal notation
- Using change mode to modify permissions
- WordPress permissions
- Permissions case study: super-tight wp-config.php
- Using change owner to modify ownership
- Owning your files
- Sniffing out dangerous permissions
- Suspect hidden files and directories
- Protecting world-writable files
- Scrutinising SUID and SGID files (aka SxID files)
- Keeping track of changes with SXID
- Cronning SXID
- System users
- Shared human accounts
- Administrative accounts
- Deleting user accounts
- Home directory permissions
- User access
- Non-human accounts
- Repositories, packages, and integrity
- Verifying genuine software
- MD5 checksums
- GnuPG cryptographic signatures
- Verifying genuine software
- Tracking suspect activity with logs
- Reading the Common Log Format (CLF)
- What visitor
- What file
- From where
- What client
- Exercising the logged data
- Chicken and egg with logging plugins
- Legwork for access logs
- Logs and hosting types
- Checking the authorization log
- Securing and parsing logs
- Enabling logs
- Dynamic logs
- Off-site logging
- Log permissions
- Reading the Common Log Format (CLF)
- Summary
- 10. Solidifying Unmanaged
- Hardening the Secure Shell
- Protocol 2
- Port 22
- PermitRootLogin yes
- PasswordAuthentication yes
- AllowUsers USERNAME
- Reloading SSH
- chrooted SFTP access with OpenSSH
- Binning the FTP service and firewalling the port
- Providing a secure workspace
- Deleting users safely
- PHP's .ini mini guide
- Locating your configuration options
- Making .ini a meany
- open_basedir
- Patching PHP with Suhosin
- Installing Suhosin
- Isolating risk with SuPHP
- Installing SuPHP
- Alternatives to SuPHP
- Containing MySQL databases
- Checking for empty passwords
- Deleting the test database
- Remote db connections with an SSH tunnel
- phpMyAdmin: friend or foe?
- Did we mention backup?
- Bricking up the doors
- Ports 101
- Fired up on firewalls
- Bog-standard iptables firewall
- Adding the firewall to the network
- Quitting superuser
- Reference for iptables
- Bog-standard iptables firewall
- Enhancing usability with CSF
- Installing CSF
- CSF as a control panel module
- Setting up the firewall
- Error on stopping the firewall
- CSF from the command line
- Using CSF to scan for system vulnerabilities
- Service or disservice?
- Researching services with Netstat
- Preparing to remove services
- Researching services
- inetd and xinetd super-servers
- Service watch
- Disabling services using a service manager
- Using sysv-rc-conf
- Deleting unsafe services with harden-servers
- Closing the port
- Gatekeeping with TCP wrappers
- Stockier network stack
- Summary
- Hardening the Secure Shell
- 11. Defense in Depth
- Hardening the kernel with grsecurity
- Growling quietly with greater security
- Controlling user access with RBAC
- Second-tier access control
- Training the RBAC system with Gradm
- Memory protection with PaX
- The multi-layered protection model
- Debian grsecurity from repositories
- Compiling grsecurity into a kernel
- Matching the kernel and grsecurity packages
- Exporting the version numbers
- Verifying the package downloads
- Patching the kernel
- Xen VPS configuration part 1
- Configuring the kernel
- grsecurity levels
- Kernel level chroot hardening
- Properly implemented?
- grsecurity and chroot
- Using Sysctl support to maximize security settings
- Options galore
- The kernel executable
- Xen VPS configuration part 2
- Booting and checking the kernel
- Installing Gradm
- Controlling user access with RBAC
- Growling quietly with greater security
- Integrity, logs, and alerts with OSSEC
- Obtaining and verifying the source
- The installation process
- What kind of installation (server, agent, local, or help)?
- Choosing where to install the OSSEC HIDS [/var/ossec]
- Configuring the OSSEC HIDS
- Do you want to add more IPs to the white list?
- Setting the configuration to analyze the following logs
- Using OSSEC
- Updating OSSEC
- Easing analysis with a GUI
- OSSEC-WUI
- Splunk
- Slamming backdoors and rootkits
- (D)DoS protection with mod_evasive
- Sniffing out malformed packets with Snort
- Installing the packages
- Snort's installation options
- Specifying the network
- Point to the database
- Ruby on Rails dependencies
- Snort's installation options
- Creating the web interface
- Creating a sub-domain using an A record
- Setting up the virtual host file
- Creating the database
- Deploying Ruby on Rails with Passenger
- Enabling everything
- Browsing to Snorby
- Hacking yourself
- Configuring the network
- Updating Snort's rule-base
- Sourcefire Vulnerability Research Team (VRT)
- Emerging Threats
- Installing the packages
- Firewalling the web with ModSecurity
- Installing mod-security, the Apache module
- Applying a ruleset
- Enabling CRS and logging
- Tuning your ruleset
- Rulesets and WordPress
- Updating rulesets
- ModSecurity resources
- Summary
- Hardening the kernel with grsecurity
- A. Plugins for Paranoia
- Anti-malware
- Backup
- Content
- Login
- Spam
- SSL
- Users
- B. Don't Panic! Disaster Recovery
- Diagnosis vs. downtime
- Securing your users
- Considering maintenance mode
- Using a plugin
- Using a rewrite rule
- Considering maintenance mode
- Local problems
- Server and file problems
- WordPress problems
- Incompatible plugins
- Injected plugins
- Widgets, third party code and theme problems
- Fun 'n' frolics with files
- Scrutinizing file changes
- Remote file comparison
- Local file comparison
- Deep file scanning
- Verifying uploads and shared areas
- Checking htaccess files
- Pruning hidden users
- Reinstalling WordPress
- Some provisos
- Upload WordPress and plugins
- Importing a database backup
- Editing wp-config-sample.php
- Setting least privileges
- Sending the clean platform live
- Changing your passwords
- Checking your search engine results pages
- Revisiting WordPress security
- C. Security Policy
- Security policy for somesite.com
- Aim
- Goals
- Somesite.com
- Personal Computers
- Server
- Roles and responsibilities
- Security Manager (SM)
- System Administrator
- Site Administrator
- Site Editors
- Other roles
- Network assets
- PCs and media
- Routing gear
- Server
- Website assets
- Backup
- Code updates
- Database
- Domain
- Further policy considerations
- Security policy for somesite.com
- D. Essential Reference
- WordPress 3 Ultimate Security
- Bloggers and zines
- 2600: The Hacker Quarterly
- CGISecurity
- Darknet
- Dark Reading
- ha.ckers
- KrebsonSecurity
- Jeremiah Grossman
- Phrack Magazine
- Forums
- hack in the box
- sla.ckers
- WindowSecurity
- Hacking education
- Go Hacking
- HackThisSite
- Hellbound Hackers
- OWASP WebGoat Project
- We Chall
- YouTube
- Linux
- Linux Online
- Linux Journal
- YoLinux
- Macs and Windows
- Apple Product Security
- Microsoft Security
- Organizations
- OWASP
- SANS
- SecurityFocus
- WASC
- Wikipedia
- Penetration testing
- ISECOM's OSSTM
- OWASP Testing Guide
- Server-side core documents
- Apache HTTP Server Version 2.2 Documentation
- Apache: Module Index
- MySQL: Security
- PHP: Security
- Toolkits
- SecTools.Org
- TREACHERY UNLIMITED
- WASC Web Application Security Scanner List
- Web browsers
- Chrome
- Firefox
- Internet Explorer
- Opera
- Safari
- Browser Security Handbook
- WordPress
- Forums
- .com support
- Codex
- News
- Planet
- Development updates
- Trac
- Reporting Bugs
- Security issues
- Plugin Repository Trac
- Plugins and themes
- Plugins and themes source
- Kvetch!
- IRC
- Mailing lists
- Non-official support
- LinkedIn WordPress group
- WordPress forums
- WordPress Tavern
- Index