Anyone else read this? What I am grokking from this is that if you are on an open network (like a coffee-shop or internet cafe) someone can intercept your login-cookie for WordPress and use that to gain access to your wp-admin section.
From there they can change the admin email, re-write posts, etc.
For this reason, and many others, it sounds like it would be a good idea to have a VPN you connect to when using public networks.
I have a browser-icon on my laptop when I click it opens an SSH tunnel connecting to a remote server and launches Firefox which then connects through that SSH port…
but not everyone has a remote server to connect to…VPNs are a nice cheap alternative.