Safer Cookies Plugin For WordPress
As you might know, when you log in to a WordPress blog, a session cookie is created that serves as a kind of authentication “key”. This is what lets you stay logged in and access various areas of the dashboard without having to enter your password every time. However, if a hacker were to get this cookie from your computer - e.g. via some kind of cross-site attack - he would be able to use it to get into your blog.
Safer Cookies is a WordPress plugin that ties the session cookie to the user’s IP address, so the cookie can’t be used to access the admin panel from a computer with a different IP address. Use it to make your blog more secure and resistant to hackers. It’s easy - the plugin works in a “set and forget” manner: just activate it and enjoy.
Download Plugin
safer-cookies.zip (1 KB)
Requirements: WP 2.5+
You will need to log in again after you activate this plugin. This is normal and shows that the plugin is working. On the other hand, you probably shouldn’t use this plugin if your IP address changes very often, as you’ll need to log in anew every time that happens.
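The general idea of tying a session cookie to an IP address, as an added example (this is not the Safer Cookies plugin's code, which is not shown on this page). The cookie layout, the `SECRET` constant, the function names and all addresses and timestamps are constructed for illustration. The cases at the end show both the protection and its two limits: a user whose address changes must log in again, and a request from the same external address is indistinguishable from the owner's.

```php
<?php
// Added illustration; not the plugin's implementation.
// SECRET stands in for a per-site secret key (constructed value).
const SECRET = 'constructed-demo-secret';

// Issue a cookie value "user|expiry|mac". The MAC also covers the client IP,
// so the IP is bound to the cookie without being stored in it.
function issue_cookie(string $user, int $expiry, string $ip): string
{
    $mac = hash_hmac('sha256', "$user|$expiry|$ip", SECRET);
    return "$user|$expiry|$mac";
}

// Accept the cookie only if it is well-formed, unexpired, and its MAC
// matches the IP address of the request that presents it.
function validate_cookie(string $cookie, string $ip, int $now): bool
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return false;
    }
    [$user, $expiry, $mac] = $parts;
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return false;
    }
    $expected = hash_hmac('sha256', "$user|$expiry|$ip", SECRET);
    return hash_equals($expected, $mac); // constant-time comparison
}

$now = 1215962340; // constructed timestamp
$cookie = issue_cookie('admin', $now + 3600, '203.0.113.10');

// label => [IP the request arrives from, time of the request]
$cases = [
    'owner, same IP'                      => ['203.0.113.10', $now],
    'cookie replayed from another IP'     => ['198.51.100.7', $now],
    'other user behind the same NAT'      => ['203.0.113.10', $now],
    'owner after their IP changed'        => ['203.0.113.99', $now],
    'owner, same IP, cookie expired'      => ['203.0.113.10', $now + 7200],
];
foreach ($cases as $label => [$ip, $t]) {
    $result = validate_cookie($cookie, $ip, $t) ? 'accepted' : 'rejected';
    printf("%-34s %s\n", $label, $result);
}
```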
July 13th, 2008 at 3:19 pm
Good plugin if you use static IPs!
WordPress is one of the high risk cookies I would say - due to its popularity it’s one that is likely to be looked for!
July 13th, 2008 at 3:25 pm
Yeah, I was pretty surprised it hasn’t been implemented in WP core years ago. With the popularity of WordPress security must surely be one of the main concerns.
July 13th, 2008 at 8:48 pm
They would rather turn functions off than fix them for security it would seem since their recent xmlrpc action!
July 13th, 2008 at 10:23 pm
Indeed, that “solution” is a bit questionable.
July 14th, 2008 at 10:28 pm
Questionably annoying but really solving nothing! Ah well, this is life for big corps these days!
July 28th, 2008 at 10:32 am
This is a really nice plugin.
August 23rd, 2008 at 2:50 pm
Excellent plug-in. I was actually looking for an answer to see if WP 2.6+ restricts/cookies cookies by IP addresses. I guess not. Thanks for the plugin!
October 11th, 2008 at 12:27 am
Hi,
thanks for your plugin,
How does it work when 2 users (or more) access the blog through the same Internet connection (with NAT)? Is the other able to steal my cookie and log in?
Greets Patrick
October 11th, 2008 at 12:35 am
Yes, I think that would be theoretically possible, i.e. the external IP that WordPress sees would be the same for both users.