WordPress.org

Support

Support » How-To and Troubleshooting » WordPress security and firesheep

WordPress security and firesheep

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator James Huff

    @macmanx

    Support Team Rep.

    wordpress.com is vulnerable if you don’t use https – it gets an F!

    Actually, on WordPress.com, just visit Users/Personal Settings in your Dashboard and check “Always use HTTPS when visiting administration pages.”

    Technically, anything that doesn’t run over HTTPS or doesn’t provide an HTTPS option “gets an F,” because that’s how Firesheep works.

    Are self host wordpress blogs vulnerable too if you dont install a ssl certificate and use https?

    Yes, you need to use a secure connection over HTTPS to protect yourself from Firesheep. Follow this guide:

    http://codex.wordpress.org/Administration_Over_SSL

    also, let’s be clear – you have to be using an unsecured wireless network

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WordPress security and firesheep’ is closed to new replies.