

Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass - wrongc0ntinent
http://arstechnica.com/security/2014/05/unsafe-cookies-leave-wordpress-accounts-open-to-hijacking-2-factor-bypass/

======
rzimmerman
I think the real problem is that Wordpress appeals to a lot of casual users
who are understandably not security experts and the default settings are not
secure. Getting a Wordpress server started and working isn't too hard but
actually setting one up correctly is almost a full-time job.

