Chapter 1. So What's the Risk?
You'd best sit down.
It stands to reason that we can't properly secure a WordPress site until we have a heads-up on its vulnerabilities and the threats it faces. So let's kick off by ensuring awareness.
In this opening chapter, we'll set the scene by introducing the hackers and their tricks and considering how the former ply the latter against a site, whether directly or indirectly:
Knowing the enemy, the variety of mindset, and the levels of skill
Considering physical security and the threat from social engineering
Weighing up OS security, allow vs. deny policies and open vs. closed source
Mulling over malware in its many shapes and forms
Assessing risks from local devices such as PCs and routers
Treading carefully in the malicious minefield that is the web
Sizing up vulnerabilities to WordPress and its third-party code
Addressing the frailties of, and attacks on, your server-side environment
You may think that most of this is irrelevant to WordPress security. Sadly, you'd be wrong.
Your site is only as safe as the weakest link: of the devices that assist in administering it or its server; of your physical security; or of your computing and online discipline. To sharpen the point with a simple example, whether you have an Automattic-managed wordpress.com blog or unmanaged dedicated site hosting, if a hacker grabs a password on your local PC, then all bets are off. If a hacker can borrow your phone, then all bets are off. If a hacker can coerce you to a malicious site, then all bets are off. And so on.
Let's get one thing clear. There is no silver bullet, as I will repeat throughout this book. There is no such thing as total security and anyone who says any different is selling something. Then again, what we can achieve, given ongoing attention, is to boost our understanding, to lock our locations, to harden our devices, to consolidate our networks, to screen our sites and, certainly not least of all, to discipline our computing practice.
Even this carries no guarantee. Tell you what though, it's pretty darned tight. Let's jump in and, who knows, maybe even have a laugh here and there to keep us awake ☺.