
Comments Posted By John Pratt


Protecting WordPress Login Credentials From FireSheep

Now that I understand better what FireSheep does, I agree – most of those plugins won’t help. All but one. You can STILL use the “One Time Login” plugin, and it will protect you from FireSheep – because it’s only good for logging in one time. Even if FireSheep hijacked your login authentication cookie – that login is only good for logging in ONE TIME. I agree as well, you should never log in using your admin WordPress account over public wifi.

» Posted By John Pratt On November 9, 2010 @ 1:47 PM

@Jeffro – a LOT of people don’t change their password every 30 days, and that is why I get 2-3 “hacked blog” clients each week. I get malware clients, people hacked through WP plugins, people hacked through DB SQL injection, people hacked through themes or image uploads, people hacked through outdated software installed in the same domain, and more – ALL the time!

I can’t tell you how many people keep their web control panel login passwords the same for YEARS, and they wonder why all their sites get hacked. What happens if somebody is deliberately sniffing your host for passwords for months – and then they sell the logins to hackers?

Even online banking forces password resets, but most web control panels don’t – unless the company has had a security problem or breach (and by then it’s too late).

Your web site is your work – protect it. I have told clients HUNDREDS of times – you have a deadbolt on the front door of your house you lock each night, and keyless entry to all your cars, why are you leaving all the doors and windows wide open 24/7 on your web site home?

» Posted By John Pratt On November 4, 2010 @ 5:54 PM

Actually, as I mentioned in the forum post there are easier ways to protect yourself. Setting up a site to use SSL for admin login in WordPress is quite the pain. It’s easier to just install some helpful (and free) WordPress plugins.

One is “Semi-Secure Login Reimagined” (free in the WP Plugin repository). It encrypts your WP password on login WITHOUT using SSL at all.

Login Lockdown is another great free plugin that locks out people using bad usernames or trying to log in unsuccessfully multiple times.

If you’re on public wifi, the free “One-Time Password” plugin is a great way to log in with a disposable password, and not have to worry about security at all.

The most important thing is to know that you should be conscious of security, change your web control panel and WP logins every 30 days, and use 12 digit STRONG passwords – like the ones randomly generated from http://www.strongpasswordgenerator.com.

» Posted By John Pratt On November 3, 2010 @ 6:58 PM

Interview With Two WordCamp Detroit Attendees

Unbelievable – they came all the way from Madison, Wisconsin! Another great interview with people that are truly excited about WordPress!

» Posted By John Pratt On October 16, 2010 @ 3:28 PM

Interview With Anthony Montalbano

Great interview! If there’s one thing I like – it’s Anthony’s enthusiasm for WordPress! The fact that he had been planning this event for 2 years is a testament to his passion for the platform.

» Posted By John Pratt On October 16, 2010 @ 3:24 PM

WordCamp Detroit Was A Good Time

Excellent writeup! It was definitely a great WordCamp, and I think next year’s attendance will be at least triple (and sold out as well)! I’m sure the videos will be up soon, and Anthony is to be commended for all his hard work – as well as all the volunteers who helped make this event possible.

I also think that next year, the addition of some Q&A stations would be great.

» Posted By John Pratt On October 12, 2010 @ 8:33 PM
