IT security keeps on asking me this question.
Every time I do one of these scans I do some more reading and research about the issue and I’m still not completely convinced that WP is doing a good job of handling their session cookies and that they may be vulnerable to session hijacking.
“…if WP can be made to set the cookies as secure; and failing that, what damage could or couldn’t be done by hijacking the user’s cookies? Knowing the answer to these questions will help us decide how to proceed.”
An answer from the WP developer community would be ideal. Thank you.
We have security measures like blocked IP, forced SSL login/session, table name changes, version changes, etc., but I don’t know much about the session cookies and security. I’ve directed them to what I’ve done – Hardening WordPress, etc.