Cookie hijacking is a security threat for your blog, but because of my inability to explain such complex topics simply, here’s an explanation from Wikipedia:
“During normal operation cookies are sent back and forth between a server (or a group of servers in the same domain) and the computer of the browsing user. Since cookies may contain sensitive information (user name, a token used for authentication, etc.), their values should not be accessible to other computers. Cookie theft is the act of intercepting cookies by an unauthorized party.
Cookies can be stolen via packet sniffing in an attack called session hijacking. Traffic on a network can be intercepted and read by computers on the network other than its sender and its receiver (particularly on unencrypted public Wi-Fi networks). This traffic includes cookies sent on ordinary unencrypted http sessions. Where network traffic is not encrypted, malicious users can therefore read the communications of other users on the network, including their cookies, using programs called packet sniffers.”
Oddly enough, this complex topic has a simple solution.
Open up your wp-config.php file, and scroll down to this code:
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
Now, go over to http://api.wordpress.org/secret-key/1.1/ and copy the randomly generated output. Replace the original 4 lines of code with this newly copied set.
And that’s it! Now your cookies are encrypted, and thus protected against cookie hijacking. Nice and simple.
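To confirm the replacement actually happened, this added example (not from the original post or from WordPress) scans the text of a wp-config.php for the four constants above and reports any that are missing, still the placeholder, too short, or reused. The names `audit_keys` and `generate_defines` and the 64-character minimum are assumptions of this example, and `generate_defines` builds replacement lines locally from the OS random source instead of copying them from the URL above.

```python
import re
import secrets
import string

# The four constants named in the post.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"
MIN_LENGTH = 64  # assumption: treat anything shorter than 64 chars as weak
# Characters safe inside a single-quoted PHP string (no quote, no backslash).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}<>|;:,.?/~` "
# Matches define('NAME', 'value'); written with straight single or double quotes.
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")


def audit_keys(config_text):
    """Return {constant: problem} for keys that are missing or weak."""
    found = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(config_text)}
    problems = {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif sum(1 for n in KEY_NAMES if found.get(n) == value) > 1:
            problems[name] = "reused"
    return problems


def generate_defines():
    """Build four replacement define() lines from the OS CSPRNG."""
    lines = []
    for name in KEY_NAMES:
        value = "".join(secrets.choice(ALPHABET) for _ in range(MIN_LENGTH))
        lines.append("define('%s', '%s');" % (name, value))
    return "\n".join(lines)


# Constructed sample: two placeholders, one short key, one key absent.
SAMPLE = """
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'hunter2');
"""

if __name__ == "__main__":
    print(audit_keys(SAMPLE), audit_keys(generate_defines()))
```

An empty result from `audit_keys` means all four constants are present, distinct, and no longer the shipped placeholder.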