
TechWalls


WordPress accounts vulnerable to hacking due to unencrypted cookies

Updated on May 29, 2014 by Guest Authors

There was a recent report on a vulnerability with cookies that should raise the alarm for WordPress users like me who compose blog posts and articles using this blogging platform.

The issue was first discovered by Yan Zhu, a staff technologist at the Electronic Frontier Foundation. The vulnerability comes into play when you use an open Internet connection in a public setting, say, a restaurant or coffee shop. A sniffing tool called Firesheep, among others, can intercept the cookies that carry your login data when they are sent to your browser in unencrypted form.

And if some malicious attacker happens to be using the same open connection that you are on, then you’re in a bad situation.


WordPress uses the cookie in question to determine whether a user has logged out of his or her account or remains logged in. Cookies are also used by other Internet services such as email, social media accounts, online bank accounts and many more.


The cookie matters because it spares you the hassle of entering your username and password each time you return to a frequently visited website. In other words, it is a badge of your online identity, and it will keep giving you a rubber stamp to log in to a website until the cookie expires at a certain point in time.

What happens when this kind of sensitive information becomes exposed to bad actors online? Well, if WordPress in particular transmits unencrypted cookies in plain text, it’s the same as saying that you are giving up your WordPress credentials to hackers.

That single piece of information alone can jeopardize your blog, because once it falls into the hands of hackers, they are essentially in control of your WordPress account and may post blog entries using your hijacked identity. They may even display malicious links on your website to spread a phishing campaign. And you are helpless.

The cookie is also hard to wipe out immediately just by logging out of your WordPress account, because it does not expire in a matter of a few days. The WordPress cookies expire after three years! In contrast, cookies from other websites expire in just two weeks.

The best thing to do to address this vulnerability is to enable two-factor authentication on your WordPress account to avoid getting locked out of your blog site if your WordPress.com cookies fall into the wrong hands.
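The two weaknesses described above, a login cookie that travels unencrypted and one that stays valid for years, can both be checked from the `Set-Cookie` header a site returns. The following is an added example, not code from the original article or from WordPress: the cookie names, token values and the 14-day limit are constructed assumptions for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_DAYS = 14  # assumed policy limit, borrowed from the two-week figure above

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def lifetime_days(attrs, now):
    """Days until expiry; Max-Age wins over Expires, None means no stated lifetime."""
    try:
        if "max-age" in attrs:
            return int(attrs["max-age"]) / 86400
        if "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:  # treat a zone-less date as UTC
                expires = expires.replace(tzinfo=timezone.utc)
            return (expires - now).total_seconds() / 86400
    except (TypeError, ValueError):
        pass  # unparseable value: treated here as no stated lifetime
    return None

def audit_cookie(header, scheme, now):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if scheme != "https":
        findings.append("issued over plain HTTP: readable on an open network")
    if "secure" not in attrs:
        findings.append("no Secure attribute: browser also sends it over HTTP")
    days = lifetime_days(attrs, now)
    if days is not None and days > MAX_LIFETIME_DAYS:
        findings.append(f"valid for {days:.0f} days (limit {MAX_LIFETIME_DAYS})")
    return name, findings

# Constructed sample responses (not captured traffic); NOW is the article date.
NOW = datetime(2014, 5, 29, tzinfo=timezone.utc)
SAMPLES = [
    ("http", "wordpress_logged_in=constructed-token; Expires=Mon, 29 May 2017 00:00:00 GMT; Path=/"),
    ("https", "session=constructed-token; Max-Age=1209600; Path=/; Secure"),
]
if __name__ == "__main__":
    for scheme, header in SAMPLES:
        print(audit_cookie(header, scheme, NOW))
```

The first sample trips all three checks; the second, issued over HTTPS with `Secure` and a two-week `Max-Age`, produces no findings.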
