Here‘s a quick security tip: ALWAYS log out of your website.
Why? It turns out that hackers have become adept at stealing session cookies.
A cookie is created on your device each time you log in. The file allows you to stay logged in as you navigate the site. This technology is used all over the place. That includes sites powered by WordPress.
A session cookie that falls into the wrong hands is dangerous. The malicious actor can use it to “impersonate” you on a website. They can access your account and everything in it. No, they don’t need a password – just the cookie!
I recently covered this subject over at Speckyboy. I spoke with a security expert who had a simple recommendation: log out of your site.
Logging out expires the session cookie. An expired cookie is useless to a hacker.
What about closing your browser tab?
That doesn’t work. The cookie is still technically valid at that point. A WordPress cookie can live up to 48 hours. That stretches to 14 days if you click the “remember me” checkbox when logging in.
It’s game over once a hacker accesses a valid cookie. That’s why logging out is your best defense.
The other part of the equation involves securing your device. Install antivirus/antimalware software. Use strong passwords. Be careful with email attachments and links.
As it turns out, a secure device means a more secure website.