WordPress.com users should be extra cautious about hacker attacks right now and protect their blog posts. If you are a WordPress.com user and a networking tool like Firesheep is in use, your website is more likely to be hacked.
Yan Zhu of the Electronic Frontier Foundation recently discovered the problem while working on the HTTPS and Privacy Badger extensions. She shared the news on her personal blog, adding that WordPress.com was sending login confirmation cookies to users' browsers unencrypted.
The cookie, called “wordpress_logged_in,” is what WordPress.com uses to determine whether an administrator is logged in. If the cookie is set, WordPress won't ask you for your login credentials until the cookie expires.
This is one of the most common practices among online services, used so that you do not have to enter your username and password each time you return to a site. WordPress.com, however, sends the cookie in plain text, so it can easily be grabbed by hackers.
If hackers manage to capture your login information, they can hijack your account to publish blog posts, view private posts, post comments on other blogs and create a new blog site.
Zhu also stated in her report that these cookies can be used by hackers repeatedly, even if the original user logs out of their account. WordPress.com users therefore need to be careful until the company's experts find the best solution to this hijacking problem.
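The plaintext-cookie problem described above can be checked from the defender's side by inspecting the `Set-Cookie` headers a site returns. The following is an added example, not code from Zhu's report or from WordPress.com: it flags login cookies that lack the standard `Secure` attribute (without it, a browser also sends the cookie over plain HTTP). The prefix match on the cookie name, the `example.com` domain and the sample header values are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for login cookies that a browser
# would also send over plain HTTP. All sample headers below are constructed.

AUTH_COOKIE_PREFIXES = ("wordpress_logged_in",)  # cookie name from the article


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs


def audit_set_cookie(header_values, prefixes=AUTH_COOKIE_PREFIXES):
    """Return (cookie_name, problem) findings for login cookies only."""
    findings = []
    for raw in header_values:
        name, _value, attrs = parse_set_cookie(raw)
        if not name.startswith(prefixes):
            continue  # not a login cookie, out of scope for this check
        if "secure" not in attrs:
            findings.append((name, "no Secure attribute: also sent over plain HTTP"))
        if "httponly" not in attrs:
            findings.append((name, "no HttpOnly attribute: readable by page scripts"))
        if "max-age" in attrs or "expires" in attrs:
            findings.append((name, "persistent: kept by the browser until expiry"))
    return findings


# Constructed sample responses (placeholder values, not real cookies).
WEAK = ["wordpress_logged_in=EXAMPLEUSER%7C1500000000%7CEXAMPLEMAC; "
        "Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/; Domain=.example.com"]
HARDENED = ["wordpress_logged_in=EXAMPLEUSER%7C1500000000%7CEXAMPLEMAC; "
            "Path=/; Secure; HttpOnly",
            "tracking_pref=1; Path=/"]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_set_cookie(sample))
```

This check only covers how the cookie is transmitted and stored by the browser. The reuse-after-logout behaviour Zhu reported depends on whether the server invalidates the session, which header inspection cannot show.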