WordPress security and firesheep | WordPress.org

nfong
(@nfong)

13 years, 5 months ago

I haven’t see anything covering what wordpress is doing to secure itself against firesheep.

http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/

More info on firesheep:
http://www.digitalsociety.org/2010/11/online-services-security-report-card/

wordpress.com is vulnerable if you don’t use https – it gets an F!

Are self host wordpress blogs vulnerable too if you dont install a ssl certificate and use https?

Viewing 2 replies - 1 through 2 (of 2 total)

Moderator James Huff
(@macmanx)

Volunteer Moderator

13 years, 5 months ago

wordpress.com is vulnerable if you don’t use https – it gets an F!

Actually, on WordPress.com, just visit Users/Personal Settings in your Dashboard and check “Always use HTTPS when visiting administration pages.”

Technically, anything that doesn’t run over HTTPS or doesn’t provide an HTTPS option “gets an F,” because that’s how Firesheep works.

Are self host wordpress blogs vulnerable too if you dont install a ssl certificate and use https?

Yes, you need to use a secure connection over HTTPS to protect yourself from Firesheep. Follow this guide:

http://codex.wordpress.org/Administration_Over_SSL

Samuel B
(@samboll)

13 years, 5 months ago

also, let’s be clear – you have to be using an unsecured wireless network

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘WordPress security and firesheep’ is closed to new replies.

In: Fixing WordPress
2 replies
3 participants
Last reply from: Samuel B
Last activity: 13 years, 5 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics