Security messures: cookies | ww.wp.xz.cn

andyandy
(@androidandreas)

2 years, 6 months ago
Having dealt with a suspected session hijacking lately, I have been doing some research and came across this article:

Get the Best Practices Guide

To summarise, it recommends 12 security measures. I was wondering how many of these were really necessary. My site is basically just a blog, not some commercial site.

I am sure https: and a Security Certificate are advisable, but what about the other steps. Are any/all of these worthwhile for a site like mine?
- Use the Secure Cookie Flag
- Use Long and Random session IDs
- Regenerate Session ID after login
- Perform Seecondary Checks
- Change the Cookie Value
- Only Accept server-Generated Session IDs
- Do not accept session IDS from GET/POST Variables
- Time out inactive sessions
- Destroy suspiious referrers
The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

Benedikt Ledl
(@benniledl)

2 years, 6 months ago

Hi,

in my personal opinion any of these security measures against session hijacking are not necessary for a simple blog. The standard security measures should be enough.

Thread Starter andyandy
(@androidandreas)

2 years, 6 months ago

Thanks, that will save a lot of work.

leekan123
(@leekan123)

2 years, 6 months ago

I think the standard security is enough

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security messures: cookies’ is closed to new replies.

In: Fixing WordPress
3 replies
3 participants
Last reply from: leekan123
Last activity: 2 years, 6 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics