Okay, WordPress people, check this out by Brian Krebs:
What’s important to note is this:
“One example is Genesis Market, where customers can search for stolen credentials and authentication cookies from a broad range of popular online destinations.”
With authentication cookies, you can login to a WordPress site, with the privilege of the user the cookie was created for.
As Mr. Krebs writes:
“Genesis even offers a custom-made web browser where you can load authentication cookies from botted PCs and waltz right into the account without having to enter a username or password or mess with multi-factor authentication.”
Without having to mess with multi-factor authentication!
You know how to eliminate this possibility of compromise?
Change your salts on a regular basis. What’s a regular basis?
At least once a month. For some, who are really concerned about security, once a week.
What happens when you change the salts? It immediately logs out everyone, even before the cookies are expired. You see, normal cookies in WordPress expire in 48 hours. That’s why, you can go to wp-admin and not have to login again. It’s because the authentication cookies are still active (not expired). Guess what, hackers can use these authentication cookies to login to your WP dashboard without a password!
That’s why they’re sold on black markets like Mr. Krebs describes in his article. Because they have value.