You should probably log out

Published about 2 months ago • 3 min read


Bringing the data

Thomas Raef sat down with me to talk about the data he had been seeing. Stolen authentication cookies were fast becoming a very common intrusion vector on sites he's been watching. You can watch the video where he shares some of the info stealers he's seen and how they're used to compromise WordPress sites, and likely many other web-based authenticated accounts.

Now he's bringing the data. Based on 851+ billion log entries and 6 million websites, he's seeing that WordPress websites are getting hacked at scale through authentication credential compromises and NOT through plugin or theme vulnerabilities.

This is in alignment with what I had been seeing in my own site cleaning work. Often it was reused or poorly chosen passwords that allowed an attacker to wreak havoc on sites. I did not see the stolen authentication cookies coming, but I'm fascinated that it's here.

I asked Calvin Alkan of Fortress for his thoughts since Session Hijacking Prevention is what they live and breathe, and this is what he had to say:

Stolen Session Cookies already accounts for 60% of hacked WordPress sites, plugin vulnerabilities being a distant second. WeWatchYourWebsite’s data goes completely against the commonly perpetrated myth that “Updating Plugins & ‘good hosting’” is all you need to be secure - and that’s a much needed update.
Stealing session cookies from local devices (and selling them) has replaced stealing usernames and passwords. I can only see this trend rising as more and more sites adopt 2FA because a stolen session cookie completely bypasses all forms of authentication, including passkeys.
The WordPress (security) ecosystem by and large is not aware of this attack vector, which directly contributes to it being so attractive for hackers.

It's time to start logging out. When you're done with wp-admin, when you're done with your email service provider, when you're done with your bank account, log out. It will kill the authentication cookie and protect you.

This isn't just about WordPress. This affects all of our online sessions, from social media to email, to banking.

I am so guilty of adoring just staying logged in. I will need to retrain myself in so many ways.

The State of WordPress Security

Calvin Alkan sat down with Remkus de Vries to talk about WordPress security on the Within WordPress podcast. It's a good listen about a layered security approach. One of the first things we learned in security school was the Open Systems Interconnection (OSI) model, but it's not something many of us in WordPress reference. Calvin talks about:

  • Why layered security is essential.
  • Why “all in one” security plugins aren’t helping you
  • The services Calvin recommends for securing different layers.

The Rock Wall

When I lived in Mount Shasta, I had a rock wall in front of my house. It was the cause of some boundary-related conflict with a neighbor. I wrote about it years ago, and I was reminded of it again last week. It's important to remember everyone's got something going on, even if you can't see it on the surface. It doesn't excuse bad behavior, but if remembering to be kind can help you forgive, let go, and reduce the importance of someone's bad behavior in your own mind, it's worth it.

Forgiveness is a gift you give yourself: freedom from the past.

Using motivation to show up at your best this year

Blog post #1 for the new gig is published. If you're looking to discover what really motivates you, MCode is the way. This isn't a simple either/or personality test. It's not about whether or not you're motivated by coffee in the morning or tea.

Motivation is more multidimensional than that. The Motivation Code is the one assessment that nails multidimensional motivation.

I didn't really fully understand what makes me happy with the work I do until I understood my top 3 MCode dimensions. It gave me new insight into what makes me tick. (I am Visionary, Influencer, Achiever.) More importantly, perhaps, it gave me permission to allow myself to really be me and make decisions based on what I know works for me.

Are you curious about your own motivation dimensions? You can go through the MCode assessment yourself and review what your dimensions are. If you have questions, I'm here to help answer them. And if you're looking for a discount code for the MCode assessment for you or your whole team, let me know by replying to this email.

Thanks for reading. And thanks for being a subscriber.


If you enjoyed this email, feel free to forward to a friend. If you didn't enjoy, you can unsubscribe via the link below.

750 N Saint Paul St Ste 250 PMB #971704, Dallas, TX 75201-3206
Unsubscribe · Preferences


by Kathy Zant

What makes you fantastic? Insights, stories, advice, inspiration for building your most powerful business. Find what fulfills you & stay secure.

Read more from Zantastic

ZANTASTIC Unauthenticated RCE in two site builders If you're using Bricks Builder version 1.9.6 or earlier or Cwicly version or earlier, it is incredibly important to update immediately. An unauthenticated remote code execution (RCE) vulnerability was found in each of these builders. An unauthenticated RCE means that someone can put a malicious script on another server and cause your site to call that malicious code if you're using vulnerable versions. This is as bad as they get....

13 days ago • 2 min read

ZANTASTIC Take Care When Mark had the stroke, everyone told me "make sure you take care of yourself." I had a thunderbolt of realization a few months ago that I wasn't doing a very good job. I'm starting 2024 on a continued quest to take better care of myself. These efforts have been unfolding over the course of a few months. But I'm sharing what life looks like for me now in the hopes it might inspire you to make positive changes for you. Breath work has been key for me in 2023. New year,...

about 2 months ago • 3 min read
exploding ideas

ZANTASTIC Everything is a Creative Act You are a creator. I caught a video of Rick Rubin on a scroll, and it was a big wake up call as to what I've been missing. Here's a link to the full interview. I made the husband watch Lex Fridman's interview with him which he seemed to like, especially the sections of the interview where they listened to music together. I bought his book, The Creative Act. In starts with one simple quote: The object isn't to make art, it's to be in that wonderful...

3 months ago • 4 min read
Share this post