WordPress security versus TypePad security
Are you afraid of the Cookie Monster? In plain words: Are you worried that someone could steal your personal data and, potentially, hijack your blog account? WordPress has apparently done something to help you protect yourself: SSL. Now, when you access your blog administration pages, WordPress encrypts your connection and helps prevent data scavengers from stealing your password and other info.
What is the Cookie Monster?
Yesterday WordPress announced “Protect your blog with SSL”, a one-click step toward preventing the Cookie Monster from gaining access to your blog. The Cookie Monster is a toolkit that is used in a variety of man-in-the-middle scenarios to trick a victim’s browser into turning over the authentication cookies used to gain access to user account sections of a website. This vulnerability stems from website developers’ failure to designate authentication cookies as secure. Read more here.
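The missing attribute described above can be checked from a site's Set-Cookie response headers. The following is an added example, not part of the original post or WordPress's own code; the cookie names and header values are constructed, and the set of cookies treated as authentication cookies is an assumption you supply.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.
# The cookie names and header values below are constructed sample data.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def sent_over(scheme, attrs):
    """Browser rule: a cookie marked Secure is only attached to https requests."""
    return scheme == "https" or "secure" not in attrs


def audit(headers, auth_names):
    """Return names of authentication cookies that a browser would
    also attach to a plain-http request (no Secure attribute)."""
    exposed = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if name in auth_names and sent_over("http", attrs):
            exposed.append(name)
    return exposed


# Constructed sample responses from a hypothetical blog login.
SAMPLE_HEADERS = [
    "blog_auth=abc123; Path=/admin; HttpOnly",
    "blog_auth_sec=def456; Path=/admin; Secure; HttpOnly",
    "theme=dark; Path=/",
    "blog_session=ghi789; Path=/; SECURE",
]
AUTH_COOKIES = {"blog_auth", "blog_auth_sec", "blog_session"}

if __name__ == "__main__":
    for name in audit(SAMPLE_HEADERS, AUTH_COOKIES):
        print(f"{name}: missing Secure, would be sent over http")
```

Only `blog_auth` is reported: it is the one authentication cookie a browser would still attach to an unencrypted request.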
How to lock out the Cookie Monster?
Click on Edit Profile in the My Account menu of your dashboard and you’ll see a new field called Browser Connection. There, you can opt to “Always use HTTPS when visiting administration pages.” Click Update Profile to save the change, and you’ll be logged out. Sign back in, and you’re rolling with SSL.
See the screencast here.
What about TypePad?
Frankly, I don’t think TypePad has this functionality. At least, I haven’t seen the https:// when I’m logged in, and I cannot find a single mention of SSL in the TypePad Support pages.
There’s one small downside to activating this feature: Writing and editing and managing my blog appears to be a bit slower now. Not annoyingly slower, but still noticeably. Well, a small price to pay for extra security.
TypePad versus WordPress: TypePad 0, WordPress 1.