• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
WP Minder logo

WP Minder

  • WordPress Care Plans
    • Basic Care Plan
    • Advanced Care Plan
    • Premium Care Plan
    • Care Plans for Agencies
    • Compare Care Plans
  • FAQ
  • Blog
  • About
  • Contact
  • Find A Care Plan
  • Log In

hijacker

Cookie Vulnerability Affects Both WordPress.com and Self-Hosted WordPress

May 27, 2014 by Debbie Campbell

PC World reported today about a problem that can allow hijackers to get into both WordPress.com and self-hosted WordPress sites. The reason is that the login cookie (which tells WordPress whether or not you’re logged in) is sent to the browser in plain text format rather than being encrypted. This plain text cookie can be grabbed by any hacker on the same open Wifi network and then your account can be used in many unpleasant ways.

WordPress.org sites are not affected as severely because their login cookies expire in two weeks. With WordPress.com, they are valid for three years, meaning a hacker could have a very extended period of access to an account. The vulnerability will be fixed in the next release of self-hosted WordPress, according to developer Andrew Nacin, but it could be awhile before WordPress.com gets a fix. Read more about the login cookie issue.

Filed Under: News Tagged With: hacker, hijacker, self-hosted, vulnerability, wordpress login cookie, wordpress.com

Primary Sidebar

Categories

  • About WordPress
  • About WP Minder
  • Blogging
  • Design
  • Ecommerce
  • Hosting
  • Legal Issues
  • Maintaining WordPress
  • Managing Content
  • Maximizing Your Business Website
  • Monetizing WordPress
  • Multisite
  • News
  • Online Marketing
    • Email Marketing
    • Podcasting
    • Social Media
  • Performance
  • Privacy
  • Productivity
  • Resources
  • Security
  • SEO
  • User Experience
  • WordPress Plugins
  • WordPress Problems
  • WordPress Themes
  • WordPress Tutorials

Footer

Stripe Climate Partner

From the Blog

  • Why Updates Matter

  • Weekly Links Roundup – Online Sermons, Help Desk Plugins, Before You Hit Publish, Download Managers

  • Weekly Links Roundup – WooCommerce Payments, Uptime Monitors, Popup Plugins

Latest WordPress Security Alerts

  • WordPress Continues to Fall Victim to Carding Attacks
    on April 14, 2021
  • How to Know If You Are Under DDoS Attack
    on April 7, 2021
  • The Importance of Website Backups
    on March 31, 2021

Get WordPress Tips in Your Inbox!

Don't miss our semi-monthly posts with WordPress resources, tips and news for busy business owners and site managers.

© Copyright 2021 WP Minder · All Rights Reserved · Privacy · Terms · Affiliates
WP Minder logo
  • WordPress Care Plans
    • Basic Care Plan
    • Advanced Care Plan
    • Premium Care Plan
    • Care Plans for Agencies
    • Compare Care Plans
  • FAQ
  • Blog
  • About
  • Contact
  • Find A Care Plan
  • Log In
This site uses cookies to enhance your experience. By continuing you agree to the use of cookies. View privacy information.