WordPress.org

Forums

The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

WordPress security and firesheep (3 posts)

  1. nfong
    Member
    Posted 5 years ago #

    I haven't see anything covering what wordpress is doing to secure itself against firesheep.

    http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/

    More info on firesheep:
    http://www.digitalsociety.org/2010/11/online-services-security-report-card/

    wordpress.com is vulnerable if you don't use https - it gets an F!

    Are self host wordpress blogs vulnerable too if you dont install a ssl certificate and use https?

  2. James Huff
    Support Team Rep.
    Posted 5 years ago #

    wordpress.com is vulnerable if you don't use https - it gets an F!

    Actually, on WordPress.com, just visit Users/Personal Settings in your Dashboard and check "Always use HTTPS when visiting administration pages."

    Technically, anything that doesn't run over HTTPS or doesn't provide an HTTPS option "gets an F," because that's how Firesheep works.

    Are self host wordpress blogs vulnerable too if you dont install a ssl certificate and use https?

    Yes, you need to use a secure connection over HTTPS to protect yourself from Firesheep. Follow this guide:

    http://codex.wordpress.org/Administration_Over_SSL

  3. Samuel B

    Posted 5 years ago #

    also, let's be clear - you have to be using an unsecured wireless network

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.