WordPress is one of the world’s most popular content management systems. It’s used by large and small websites around the world.
On most days, WordPress is a safe and secure platform. Unfortunately, a recent security flaw has put that security in jeopardy.
That security flaw exposes your WordPress login data to network sniffing tools. Those tools let anyone easily hack your WordPress account simply by spying on your username and password.
The flaw is related to cookies and was first exposed by Yan Zhu, a member of the Electronic Frontier Foundation. The specific cookie is called “wordpress_logged_in” and tells the browser whether or not a user has already logged in.

wordpress code flaw

Almost all websites have a similar login cookie. It’s the same reason why you don’t have to type your login information every time you visit Facebook or Twitter. Unfortunately, WordPress sends this cookie in plain text.
That means anyone can view the login cookie, steal it, and enter that data on their own device to access your WordPress account.
Once someone has logged into your WordPress account, they can freely add posts, delete posts, break your website, upload new themes, and basically control every aspect of your site.
That’s bad.
What’s worse is that the cookies last for a ridiculously long time: three years. A cookie would likely become unusable before that time period, but it’s unknown whether or not a hijacked user could continue accessing the account using the cookie.
Another problem is that the hacker can setup two factor authentication and effectively lock the real user out of the account. The real user would try to login and be prompted to enter a text message sent to “their phone”, which was in reality sent to the hacker’s phone.
Fortunately, WordPress is aware of this issue and WordPress developer Andrew Nacin told Yan Zhu that the issue would be fixed in the next WordPress release. It’s unknown when that release will arrive.
In the meantime, you should avoid using WordPress on public wireless networks – like coffee shops.

logo main menu

Copyright © 2024, FixMyPcFree. All Rights Reserved Trademarks: Microsoft Windows logos are registered trademarks of Microsoft. Disclaimer: is not affiliated with Microsoft, nor claim direct affiliation. The information on this page is provided for information purposes only. Protection Status

Log in with your credentials

Forgot your details?