The Krack Threat and the risks to your WordPress Website

In recent weeks there has been much media coverage about the latest emerging threat to online security. This new threat is called Krack and it focuses on exploiting vulnerabilities in the WPA2 security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers. This vulnerability potentially puts personal data login credentials and confidential data being transmitted via a wireless-enabled device at theoretical risk of being intercepted. Red Leaf poses the question …. is it time to get SSL Security for your WordPress website?

The bug, known as “KRACK” (for Key Reinstallation Attack), exposes a fundamental flaw in WPA2 which is a core encryption protocol that is used to secure most modern wireless networks and enables us all to use and surf the web privately. KRACK is able to intercept the so called security ‘handshake’ between two Wi-Fi enabled devices. This flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password, meaning that they can then eavesdrop on all your network traffic.

As a Website Owner Should You Be Concerned?

The answer is yes. If you transmit any personal data across the Internet to and from your website you should be concerned. For example:

  • If you have an on-line contact form on your website
  • If you manage your own website content (WordPress) by logging in to your site with a username and password
  • If you allow other users to register with your website and enter personal data
  • If you allow other people to login to your site to assist with its management


If any of the above scenarios apply to your site then now is the time to consider taking steps to protect your own and other peoples data.


Now is the time to consider purchasing an SSL Certificate for your website:

Over the course of the last 12 months the search engines and internet software developers have been working hard to improve the overall security of the web in the face of increasing security concerns. In August 2016 Google officially announced that switching your website over to HTTPS will give your web site a ranking boost in the search results, an effort on their part to encourage website owners to secure their websites using SSL certification and update their websites to use HTTPS.

Implementing SSL security on your website domain is the simplest way of protecting your customer data. By using HTTPS protocols which encrypt all data being sent from your website you will secure all data and protect it from the threat posed by any Wi-Fi devices where the WPA2 encryption been exploited.

The current advice to business users is to stick to websites that use the HTTPS protocol. As a website owner without an SSL certificate you risk your site becoming recognised as a potential threat to visitor and data security. This could undermine visitor confidence about the safety and security of your site as well as impacting on the site’s search engine (SERPs) rankings, ultimately leading to fewer visitors to your website.

If you have concerns about ensuring visitor confidence in the security of your website, would like to purchase an SSL certificate and upgrade to HTTPS, or to discuss any of the above in more detail please contact us at Red Leaf Chichester