WordPress.org

Ready to get started?Download WordPress

Forums

WordPress security and firesheep (3 posts)

  1. nfong
    Member
    Posted 3 years ago #

    I haven't see anything covering what wordpress is doing to secure itself against firesheep.

    http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/

    More info on firesheep:
    http://www.digitalsociety.org/2010/11/online-services-security-report-card/

    wordpress.com is vulnerable if you don't use https - it gets an F!

    Are self host wordpress blogs vulnerable too if you dont install a ssl certificate and use https?

  2. wordpress.com is vulnerable if you don't use https - it gets an F!

    Actually, on WordPress.com, just visit Users/Personal Settings in your Dashboard and check "Always use HTTPS when visiting administration pages."

    Technically, anything that doesn't run over HTTPS or doesn't provide an HTTPS option "gets an F," because that's how Firesheep works.

    Are self host wordpress blogs vulnerable too if you dont install a ssl certificate and use https?

    Yes, you need to use a secure connection over HTTPS to protect yourself from Firesheep. Follow this guide:

    http://codex.wordpress.org/Administration_Over_SSL

  3. Samuel B
    moderator
    Posted 3 years ago #

    also, let's be clear - you have to be using an unsecured wireless network

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.