RealTime IT News

WordPress at Risk from Insecure Cookies?

From a WordPress perspective, several things can be done to improve cookie security.

In an email to eWEEK, open-source WordPress developer Andrew Nacin explained that WordPress segregates its cookies for security.

"The front-end cookie is delivered over HTTP by default and is simply used to identify the user for the purposes of the logged-in toolbar, an edit post link in the theme, etc.," Nacin said. "The admin-only cookie is delivered with the secure flag if the user is forcing the dashboard to be used over SSL."

The admin-only cookie is required to access the dashboard and change settings, manage posts or edit the user's profile, Nacin said.
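
The cookie split described above can be checked from a site's `Set-Cookie` response headers. The following is an added example, not code from the article or from WordPress: it assumes WordPress's default cookie name prefixes (`wordpress_logged_in_`, `wordpress_sec_`, `wordpress_`), which the article does not name, and runs over constructed sample headers.

```python
# Added example: audit WordPress Set-Cookie headers for the Secure flag.
# Cookie name prefixes are WordPress defaults and are not stated on the page.
SAMPLE_HEADERS = [  # constructed values mixing HTTP and forced-SSL logins
    "wordpress_sec_0123abcd=admin%7C1700000000%7Cx; path=/wp-admin; secure; HttpOnly",
    "wordpress_0123abcd=admin%7C1700000000%7Cx; path=/wp-admin; HttpOnly",
    "wordpress_logged_in_0123abcd=admin%7C1700000000%7Cx; path=/; HttpOnly",
    "wordpress_test_cookie=WP+Cookie+check; path=/",
]


def parse_set_cookie(header):
    """Return (name, attrs) with attribute names lowercased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def classify(name):
    """Map a cookie name to the role described in the article."""
    if name == "wordpress_test_cookie":
        return "other"
    if name.startswith("wordpress_logged_in_"):
        return "front-end"
    if name.startswith("wordpress_"):  # wordpress_sec_<hash> or wordpress_<hash>
        return "admin"
    return "other"


def audit(headers):
    """FAIL: admin cookie without Secure. WARN: front-end cookie without it."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        role = classify(name)
        if role == "other":
            continue
        if "secure" in attrs:
            status = "OK"
        else:
            status = "FAIL" if role == "admin" else "WARN"
        findings.append((name, role, status))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS):
        print(*finding)
```

A `FAIL` row means the dashboard cookie was issued without the secure flag, which is the case when the dashboard is not being forced over SSL (in WordPress, the `FORCE_SSL_ADMIN` setting).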

Read the full story at eWEEK:
WordPress Gets Flagged for Insecure Cookie Risk

Sean Michael Kerner is a senior editor at InternetNews.com.