TechWalls

WordPress accounts vulnerable to hacking due to unencrypted cookies

Updated on May 29, 2014 by Chesky Ron

A recent report on a cookie vulnerability should raise the alarm for WordPress users like me who compose blog posts and articles on this blogging platform.

The issue was first discovered by Yan Zhu, a staff technologist at the Electronic Frontier Foundation. The vulnerability comes into play when you use an open Internet connection in a public setting, say, a restaurant or coffee shop. Sniffing malware such as Firesheep, among others, has been found responsible for sending cookies containing your login data to your browser in unencrypted form.

And if some malicious attacker happens to be using the same open connection that you are on, then you’re in a bad situation.

WordPress uses the cookie in question to determine whether a user is still logged in or has logged out of his or her account. Cookies are also used by other Internet services such as email, social media accounts, online bank accounts and many more.

The cookie is important because it spares you the hassle of entering your username and password each time you return to a frequently visited website. In other words, it is a badge of your online identity, and it will keep giving you a rubber stamp to log in to a website until the cookie expires.

What happens when this kind of sensitive information is exposed to bad actors online? Well, if WordPress transmits these cookies in plain text, it is the same as handing your WordPress credentials to hackers.

That single piece of information alone can jeopardize your blog because once it falls into the hands of hackers, they are essentially in control of your WordPress account and may post blog entries using your hijacked identity. They may even display malicious links on your website to spread a phishing campaign. And you are helpless.

The cookie is also hard to wipe out immediately just by logging out of your WordPress account because it does not expire in a matter of a few days. The WordPress cookies expire after three years! In contrast, cookies from other websites expire in just two weeks.

The best thing to do to address this vulnerability is to enable two-factor authentication on your WordPress account to avoid getting locked out of your blog site if your WordPress.com cookies fall into the wrong hands.
