
What is FireSheep and How to Protect WordPress from FireSheep


Site authentication uses encryption to scramble login information as it passes over the Internet. This is standard procedure and is supported by almost all publishing platforms, including WordPress. Unfortunately, for everything else, encryption is not a default feature.

When a user logs in for the first time with a username and password, the web server checks the information to decide whether the account is valid. If it is valid, the web server replies and puts cookies in the browser to track the user's login session. Even though the login information is encrypted, the cookies are not.

This is the hole exploited by FireSheep. FireSheep is a Firefox add-on that sniffs wifi networks for cookies. Open wifi networks are now easy to find in shopping centers, restaurants, coffee shops, etc. A FireSheep user just needs to sit down and activate the FireSheep add-on. If there is an insecure website in use, FireSheep displays the names and pictures of the accounts it captured. By clicking one of those names or pictures, the FireSheep user can log in to that account.

FireSheep User Interface

Below are a few tips to protect WordPress users from FireSheep:

  • Do not use public wifi
  • Use add-ons to force Firefox to use a secure channel

On the WordPress side, the administrator can force WordPress to use secure access via SSL by adding these configuration commands to the wp-config.php file:

# Securing login session
define('FORCE_SSL_LOGIN', true);

# Securing administration panel
define('FORCE_SSL_ADMIN', true);

Those two configuration commands are a very good option for securing WordPress sites. Before activating them, make sure your hosting provider supports SSL. Consult your hosting provider about the SSL feature.
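
To check that the session cookies described above are no longer exposed after enabling SSL, an administrator can inspect the Set-Cookie headers the site returns. The following is an added example, not code from the original post or from WordPress: the function names are hypothetical, the header lines are constructed sample data, and it assumes session cookies carry WordPress's "wordpress_" name prefix.

```python
# Added example: flag WordPress session cookies that may travel over plain HTTP.
# Assumption: session cookies use WordPress's "wordpress_" name prefix
# (wordpress_<hash>, wordpress_sec_<hash>, wordpress_logged_in_<hash>).
SESSION_PREFIX = "wordpress_"
NOT_A_SESSION = {"wordpress_test_cookie"}  # only probes whether cookies are enabled


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(set_cookie_headers):
    """Return a list of (cookie name, [problems]) for session cookies with weak flags."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not name.startswith(SESSION_PREFIX) or name in NOT_A_SESSION:
            continue
        problems = []
        if "secure" not in attrs:
            problems.append("no Secure flag: browser also sends it over plain HTTP")
        if "httponly" not in attrs:
            problems.append("no HttpOnly flag: page scripts can read it")
        if problems:
            findings.append((name, problems))
    return findings


# Constructed sample headers (not captured from a real site).
SAMPLE_PLAIN = [
    "wordpress_test_cookie=WP+Cookie+check; path=/",
    "wordpress_0123abcd=admin%7C1700000000%7Cconstructed; path=/wp-admin; HttpOnly",
    "wordpress_logged_in_0123abcd=admin%7C1700000000%7Cconstructed; path=/; HttpOnly",
]
SAMPLE_SECURE = [
    "wordpress_sec_0123abcd=admin%7C1700000000%7Cconstructed; path=/wp-admin; secure; HttpOnly",
    "wordpress_logged_in_0123abcd=admin%7C1700000000%7Cconstructed; path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for label, headers in (("plain", SAMPLE_PLAIN), ("secure", SAMPLE_SECURE)):
        print(label, audit_cookies(headers) or "no findings")
```

A cookie reported without the Secure flag is one the browser will also send on unencrypted requests, which is the exposure the article describes on open wifi.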
