{"id":6662,"date":"2014-05-29T11:32:56","date_gmt":"2014-05-29T15:32:56","guid":{"rendered":"http:\/\/www.techwalls.com\/?p=6662"},"modified":"2014-05-29T11:33:05","modified_gmt":"2014-05-29T15:33:05","slug":"wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies","status":"publish","type":"post","link":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/","title":{"rendered":"WordPress accounts vulnerable to hacking due to unencrypted cookies"},"content":{"rendered":"<p>There was a recent report on a vulnerability with cookies that should raise the alarm for WordPress users like me who compose blog posts and articles using this blogging platform.<!--more--><\/p>\n<p>The incident was first discovered by Yan Zhu, a staff technologist from the Electronic Frontier Foundation. The vulnerability comes into play when you use an open Internet connection on a public setting, say, a restaurant or coffee shop. A sniffing malware called Firesheep, among others, has been spotted to be responsible for sending cookies about your login data to your browser in an unencrypted form.<\/p>\n<p>And if some malicious attacker happens to be using the same open connection that you are on, then you\u2019re in a bad situation.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-6667\" src=\"https:\/\/www.techwalls.com\/wp-content\/uploads\/2014\/05\/wordpress-hacking.jpg\" alt=\"wordpress-hacking\" width=\"300\" height=\"211\" \/><\/p>\n<p>WordPress figures whether a user has been logged out of his or her account or remains logged in using the cookie in question. Cookies are also used for other Internet services such as email, social media accounts, online bank accounts and many more.<\/p>\n<p><strong>Read also<\/strong>: <a title=\"WordPress compromise led to huge phishing wave\" href=\"https:\/\/www.techwalls.com\/wordpress-compromise-led-huge-phishing-wave\/\">WordPress compromise led to huge phishing wave<\/a><\/p>\n<p>It is important for the reason that you are spared from the hassle of entering your username and password each time you return to a frequently visited website. In other words, it is a badge of your online identity and it will always give you a rubber stamp to log in to a website until the cookie expires at a certain point of time.<\/p>\n<p>What happens when this kind of sensitive information becomes exposed to bad actors online? Well, if WordPress in particular transmits unencrypted cookies in plain text, it\u2019s the same as saying that you are giving up your WordPress credentials to hackers.<\/p>\n<p>That single piece of information alone can jeopardize your blog because once it falls into the hands of hackers, they are essentially in control of your WordPress account and may post blog entries using your hijacked identity. They may even display malicious links to your website to spread a phishing campaign. And you are helpless.<\/p>\n<p>The cookie is also hard to wipe out immediately just by logging out of your WordPress account because it does not expire in just a matter of few days. The WordPress cookies expire after three years! In contrast, cookies from other websites expire in just two weeks.<\/p>\n<p>The best thing to do to address this vulnerability is to enable the two-factor authentication on your WordPress account to avoid getting locked out of your blog site if your WordPress.com cookies fall in the wrong hands.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There was a recent report on a vulnerability with cookies that should raise the alarm for WordPress users like me who compose blog posts and articles using this blogging platform.<\/p>\n","protected":false},"author":89,"featured_media":6667,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1445,9],"tags":[387,28],"class_list":{"0":"post-6662","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-featured","8":"category-news","9":"tag-security","10":"tag-wordpress","11":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WordPress accounts vulnerable to hacking due to unencrypted cookies<\/title>\n<meta name=\"description\" content=\"There was a recent report on a vulnerability with cookies that should raise the alarm for WordPress users like me who compose blog posts and articles using this blogging platform.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Guest Authors\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/\",\"url\":\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/\",\"name\":\"WordPress accounts vulnerable to hacking due to unencrypted cookies\",\"isPartOf\":{\"@id\":\"https:\/\/www.techwalls.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techwalls.com\/wp-content\/uploads\/2014\/05\/wordpress-hacking.jpg\",\"datePublished\":\"2014-05-29T15:32:56+00:00\",\"dateModified\":\"2014-05-29T15:33:05+00:00\",\"author\":{\"@id\":\"https:\/\/www.techwalls.com\/#\/schema\/person\/440f216965cffca997e53e754f489c84\"},\"description\":\"There was a recent report on a vulnerability with cookies that should raise the alarm for WordPress users like me who compose blog posts and articles using this blogging platform.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#primaryimage\",\"url\":\"https:\/\/www.techwalls.com\/wp-content\/uploads\/2014\/05\/wordpress-hacking.jpg\",\"contentUrl\":\"https:\/\/www.techwalls.com\/wp-content\/uploads\/2014\/05\/wordpress-hacking.jpg\",\"width\":300,\"height\":211},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techwalls.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Featured\",\"item\":\"https:\/\/www.techwalls.com\/featured\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"WordPress accounts vulnerable to hacking due to unencrypted cookies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techwalls.com\/#website\",\"url\":\"https:\/\/www.techwalls.com\/\",\"name\":\"TechWalls\",\"description\":\"Technology News | Gadget Reviews | Tutorials\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techwalls.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techwalls.com\/#\/schema\/person\/440f216965cffca997e53e754f489c84\",\"name\":\"Guest Authors\",\"url\":\"https:\/\/www.techwalls.com\/author\/guestauthor\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress accounts vulnerable to hacking due to unencrypted cookies","description":"There was a recent report on a vulnerability with cookies that should raise the alarm for WordPress users like me who compose blog posts and articles using this blogging platform.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/","twitter_misc":{"Written by":"Guest Authors","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/","url":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/","name":"WordPress accounts vulnerable to hacking due to unencrypted cookies","isPartOf":{"@id":"https:\/\/www.techwalls.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#primaryimage"},"image":{"@id":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#primaryimage"},"thumbnailUrl":"https:\/\/www.techwalls.com\/wp-content\/uploads\/2014\/05\/wordpress-hacking.jpg","datePublished":"2014-05-29T15:32:56+00:00","dateModified":"2014-05-29T15:33:05+00:00","author":{"@id":"https:\/\/www.techwalls.com\/#\/schema\/person\/440f216965cffca997e53e754f489c84"},"description":"There was a recent report on a vulnerability with cookies that should raise the alarm for WordPress users like me who compose blog posts and articles using this blogging platform.","breadcrumb":{"@id":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#primaryimage","url":"https:\/\/www.techwalls.com\/wp-content\/uploads\/2014\/05\/wordpress-hacking.jpg","contentUrl":"https:\/\/www.techwalls.com\/wp-content\/uploads\/2014\/05\/wordpress-hacking.jpg","width":300,"height":211},{"@type":"BreadcrumbList","@id":"https:\/\/www.techwalls.com\/wordpress-accounts-vulnerable-hacking-due-unencrypted-cookies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techwalls.com\/"},{"@type":"ListItem","position":2,"name":"Featured","item":"https:\/\/www.techwalls.com\/featured\/"},{"@type":"ListItem","position":3,"name":"WordPress accounts vulnerable to hacking due to unencrypted cookies"}]},{"@type":"WebSite","@id":"https:\/\/www.techwalls.com\/#website","url":"https:\/\/www.techwalls.com\/","name":"TechWalls","description":"Technology News | Gadget Reviews | Tutorials","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techwalls.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.techwalls.com\/#\/schema\/person\/440f216965cffca997e53e754f489c84","name":"Guest Authors","url":"https:\/\/www.techwalls.com\/author\/guestauthor\/"}]}},"_links":{"self":[{"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/posts\/6662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/users\/89"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/comments?post=6662"}],"version-history":[{"count":0,"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/posts\/6662\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/media\/6667"}],"wp:attachment":[{"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/media?parent=6662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/categories?post=6662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techwalls.com\/wp-json\/wp\/v2\/tags?post=6662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}