Sites authentication involving encryption process to scramble login information that pass through Internet. This is a standard procedure and supported by almost all publishing platform including WordPress. Unfortunately, for everything else, encryption is not a default feature.

When a user login for the first time with username and password, the web server will check the information to decide if the account is valid. If it is valid, then the web server will reply dan put cookies on browser to track user login session. Even thought the login information are encrypted, but the cookies are not.

This is the hole exploited by FireSheep. FireSheep is a FireFox add-on to sniff wifi network for cookies. It’s easy now to find open wifi network such as in shopping center, restaurant, coffee shop, etc. FireSheep user just need to sit and activate the FireSheep add-on. If there’s an unsecure website, then FireSheep will display names and picture from the accounts captured. By clicking those name/picture, FireSheep can login to those accounts.

FireShip User Interface

FireShip User Interface

Below are few tips to protect WordPress users from FireSheep:

  • Do not use public wifi
  • Use add-ons to force FireFox to use secure channel

From the WordPress itself, the administrator can force WordPress to use secure access via SLL by adding configuration commands in the wp-config.php file:

# Securing login session
define(‘FORCE_SSL_LOGIN’, true);

# Securing administration panel
define(‘FORCE_SSL_ADMIN’, true);

Those two configuration commands are a very good option for securing WordPress sites. To activate it, you should make sure your hosting provider supports it. Consult with your hosting provider about SSL feature.
Hal yang juga menarik:

Hak Cipta

Semua skrip dan teknik dalam artikel di boleh digunakan sebagaimana kehendakmu tanpa perlu mencantumkan sumber. Kamu tidak boleh mengkopi seluruh artikel, dalam Bahasa Indonesia ataupun diterjemahkan ke dalam bahasa lain.

Related Articles:

Artikel terkait:

About the author

1 Comment

Tinggalkan Balasan

Alamat email Anda tidak akan dipublikasikan. Ruas yang wajib ditandai *

x( X-( B-) ;-) :wink: :twisted: :roll: :oops: :mrgreen: :lol: :idea: :evil: :cry: :arrow: :D :?: :-| :-x :-o :-P :-D :-? :-)) :-) :-( :-& :) :( :!: 8-O 8-) 8) (Русский) (yahoo) (worship) (woot) (wave) (unsure) (tongue) (thinking) (tears) (taser) (smileydance) (sleeping) (sick) (scenic) (rofl) (rock) (party) (panic) (okok) (nottalking) (ninja) (music) (muscle) (muhaha) (money) (mmm) (lonely) (lol) (lmao) (idiot) (hungry) (highfive) (heart_beat) (heart) (headspin) (hassle) (haha) (gym) (griltongue) (goodluck) (girlkiss) (funkydance) (fish_hit) (eyeroll) (evilsmirk) (evil_grin) (drinking) (doh) (devil) (dance) (cry) (cozy) (coffee) (brokenheart) (bringit) (blush) (bigeyes) (beer) (banana_rock) (banana_ninja) (banana_cool) (applause) (annoyed) (angry) (K) (: