hacking tool for WordPress

Since the rollout of social media and blogging, I have wondered, “Why aren’t these sites using SSL?” When I told my wife my Facebook account got hacked, she didn’t believe me. Then hers got hacked. Session hijacking has been around for a while now, so it’s nothing new, but the hacking tool Firesheep, an extension for Firefox, is a new illustration of that vulnerability. It has built-in strings to capture session keys from all of the favorite web sites, including Twitter, Facebook and WordPress, among others.

This is not just about social sites; enterprise apps are exposed as well. Companies are using Twitter, Facebook and WordPress as business tools, so this is now an enterprise security issue, a real risk to the applications that run the business. And with many of our execs going mobile, they are using these tools from places with open WiFi such as airports, coffee shops and hotels.

Fixing the threat is easy: put a NetScaler VPX in front of the site(s) and automatically redirect HTTP to HTTPS. Here are the steps necessary to implement the fix, along with a video that shows how easy it is to hack using session hijacking, and how easy it is to fix this problem.

Steps for securing WordPress with SSL – WordPress hosted at a service provider:

  1. Download and install XenServer
  2. Download and install NetScaler VPX for XenServer
  3. Install SSL Certificate on the NetScaler
  4. Create a Load Balancing VIP with a new publicly routable IP Address
  5. Edit DNS entry for your WordPress site to point to the NetScaler Load Balancing VIP
  6. Set Service to the IP Address of your WordPress site at the service provider
  7. Set Load Balancing VIP port 80 to automatically redirect to port 443

Connect to http://<yourwordpresssite.com> and it should automatically redirect to https://<yourwordpresssite.com>.

Steps for securing WordPress with SSL – WordPress hosted in your own DMZ:

  1. Download and install XenServer
  2. Download and install NetScaler VPX for XenServer
  3. Install SSL Certificate on the NetScaler
  4. Create a Load Balancing VIP with a new publicly routable IP Address
  5. Edit DNS entry for your WordPress site to point to the NetScaler Load Balancing VIP
  6. Set the Service to point to the IP Address of your locally hosted WordPress site
  7. Set Load Balancing VIP port 80 to automatically redirect to port 443

Connect to http://<yourwordpresssite.com> and it should automatically redirect to https://<yourwordpresssite.com>.
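The redirect in step 7 only keeps the session cookie off open WiFi if the cookie is also marked Secure; otherwise the browser still attaches it to the first plain HTTP request before the redirect happens. The following check is an added example, not part of the original post: the function names, the host `blog.example.com` and the sample responses are constructed for illustration, and in practice the status and headers would come from your own site's responses on ports 80 and 443.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = value.split(";")
    name = first.split("=", 1)[0].strip()
    return name, {a.split("=", 1)[0].strip().lower() for a in attrs}

def audit(host, http_resp, https_resp):
    """Each response is (status, [(header, value), ...]) for GET / on port 80 / 443."""
    findings = []
    status, headers = http_resp
    location = next((v for k, v in headers if k.lower() == "location"), "")
    target = urlsplit(location)
    if status not in REDIRECTS:
        findings.append(f"port 80 answered {status} instead of redirecting")
    elif target.scheme != "https" or target.hostname != host:
        findings.append(f"port 80 redirects to {location!r}, not https://{host}/")
    for label, (_, hdrs) in (("http", http_resp), ("https", https_resp)):
        for k, v in hdrs:
            if k.lower() != "set-cookie":
                continue
            name, attrs = parse_set_cookie(v)
            if label == "http":
                # Anything set here already crossed the network in clear text.
                findings.append(f"cookie {name} is issued over plain HTTP")
            elif "secure" not in attrs:
                findings.append(f"cookie {name} lacks Secure; browsers will also send it over http://")
    return findings

# Constructed sample responses (not captured from a real site).
HOST = "blog.example.com"
HTTP_OK = (301, [("Location", "https://blog.example.com/")])
HTTPS_WEAK = (200, [("Set-Cookie", "wordpress_logged_in_x=abc; path=/; HttpOnly")])
HTTPS_GOOD = (200, [("Set-Cookie", "wordpress_logged_in_x=abc; path=/; Secure; HttpOnly")])
HTTP_NO_REDIRECT = (200, [("Set-Cookie", "wordpress_test_cookie=1; path=/")])

if __name__ == "__main__":
    for case in ((HTTP_OK, HTTPS_GOOD), (HTTP_OK, HTTPS_WEAK), (HTTP_NO_REDIRECT, HTTPS_GOOD)):
        print(audit(HOST, *case) or "ok")
```

An empty result means port 80 redirects to the same host over HTTPS and every cookie seen is restricted to encrypted connections.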

It’s easy

Download XenServer here

Download NetScaler VPX here

The Citrix Community is powerful!