A Blog Not Limited

to web design, standards & semantics

Book Review: Securing ExpressionEngine 2

Nov 05, 2011

I must admit up-front that this review is waaaaaaay overdue. It has been on my to-do list for months. But I have a good reason for the delay … or rather a reason …

I didn't just want to say that Mijingo and Mark Huot put together a great resource with the Securing ExpressionEngine 2 how-to booklet. Of course, it's a fantastic resource. No one would expect anything less from Ryan Irelan (the man behind Mijingo) or Mark.

I didn't just want to write that it is so nice to be able to purchase a resource that gives me formats for the multiple devices I'm using these days (OMG I love my Nook!). Of course, Mijingo puts out multiple formats. Ryan and his authors understand what the community needs.

And I didn't just want to write that I freaking love the short, sweet and to-the-point format of the booklet. Of course, Mijingo knows how to deliver products that … well, deliver. Ryan has been doing this for years.

No, for this review, for this fast and easy-reading booklet, I wanted to go through it step-by-step and implement it on my personal EE install (which just happens to be an MSM install). And so it has simply taken me longer to set aside the time for just that.

Real World Application

Lest you think from my last statement that implementing the techniques Mark details is a time-consuming endeavor, it took less than 20 minutes. And, even better, it took about 30 minutes for me to read the entire booklet (leisurely, over coffee).

So maybe 50 minutes total, and that's just because I wanted to read it first rather than implement as I read. Really pathetic when I realize how long I've procrastinated on this. Anyhoo …

Securing My Filesystem

The first part of the book details how to set up your file structure to be more secure. Mark describes it simply, and gives equally simple explanations for why it is important. As a bonus, the media pack for the booklet includes a 3-minute screencast from Ryan, detailing part of this process.

As a self-taught EE user, I have always just left the default file structure as-is. I suspected this probably wasn't good practice, but I suffer from that eyes-glazing-over syndrome whenever web servers are talked about. So this part of the book was a good exercise for me.

Being rather ignorant of filesystems, I was worried a bit about this step, particularly if I'd encounter any issues related to the Multiple Site Manager I'm running on this here blog (which feeds my freelance site and development site for Webuquerque). But it wasn't too bad at all.

Following Mark's steps exactly took care of the front-end and control panel file changes for my primary site. For the other two MSM sites, I simply had to change the $system_path for both of those sites' root index.php files. I also had to change the custom config file variables for the control panel URL for both of the other MSM sites.

One thing I did notice, but the booklet didn't cover, is that I had to update my global template preferences settings to reflect my new EE template file directory (since I moved my system file). Mark does mention this file directory in a different context, but it wasn't relevant to my install … perhaps because I have an MSM install or because I have all my 1.x templates still in place from my upgrade. Who knows. It was easy enough for me to change and troubleshoot … might not be so easy for a newbie, though.

File Organization & Version Control

The next area Mark details is really just his personal preferences for file organization/structure. And I really dig his approach. Simple and straightforward. Many of the directories he uses for default installs just don't make sense for my little sites, so I didn't make these changes. However, I plan to follow his suggestions for my next client site.

I also didn't get into his information regarding version control systems. But it was a guilty reminder that I have got to make time to get Git running on a production site ASAP, before I never take the time to understand how to effectively use it.

EE Settings

The last section of the booklet is my favorite, primarily because you can treat it like a checklist or you can read more detail to understand why a setting is important. This is what really makes Securing ExpressionEngine 2 valuable for me: beyond the practical information, it is just practical to use.

I went through each of the settings Mark mentioned and made corresponding changes where I felt they were relevant to my install. It really couldn't have been easier.

For years, I've left the defaults and, while many of the default settings don't need to be changed, it was great to learn why each setting was necessary. And I felt more responsible after going through the processes detailed in this book … like I was finally grown up enough to do what I should always be doing for my sites. That is, making them secure.

5 Stars

Yep, Securing ExpressionEngine 2 gets a full five-star rating from me because it hit all of the things I want in a technical publication these days:

  • Multiple formats
  • Easy to read
  • Fast to read
  • Practical, implementable steps
  • I really felt like I learned something

So while I'm late in getting this review out, it is just in time for those of you with geeks on your holiday list. I would buy this title again and wouldn't hesitate buying anything else from Mijingo. In fact, I'm eyeing Relationships With Playa right now.

The Coolest Person I Know

Emily Lewis

Yeah, that would be me.

I'm a freelance web designer of the standardista variety, which means I get excited about things like valid POSH, microformats and accessibility. I ply my trade from my one-person design studio in Albuquerque, New Mexico 87106 USA.

A Blog Not Limited is my personal blog where I pontificate about web design, web standards, semantics and whatever else strikes my fancy. Head on over to Emily Lewis Design if you'd like to see my work or, even better, hire me.

