Upgrade WordPress and define the secret key

I just finished upgrading all my WordPress blogs to the latest version and added the new secret key to all the config files.

So what is this secret key?

Secure cookies — Old WordPress used cookies with plain data, which were pretty unsafe, but we now have a new cookie technology, where cookies are now encrypted based on a new protocol which can be found here. The total cookie is now encrypted with a secret key, which is something like user name|expiration time|HMAC(user name|expiration time, k) where k = HMAC(user name|expiration time, sk) and where sk is a secret key, which you can define in your config.

via here

So add this to your wp-config.php file:

define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.

But you can't just add anything: BlogSecurity reminds you that it needs to be something totally random. What you can do is use the secret key generator from the WordPress team. It generates a random key that you can copy and paste into wp-config.php.

After you add this, if you are still logged in to the WordPress admin page, it will log you out and ask you to log in again. This is just to refresh the cookie.
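To see why changing the key logs you out, here is the cookie format quoted above written out in Python. This is an added example, not WordPress's own code: the function names, HMAC-SHA256 and the hex encoding are assumptions, since the quoted description names none of them. It also generates the secret key locally instead of copying it from a web page.

```python
import hashlib
import hmac
import secrets
import time

def _mac(msg: bytes, key: bytes) -> bytes:
    # Argument order follows the page's HMAC(message, key) notation.
    # SHA-256 is an assumption; the quoted text does not name a hash.
    return hmac.new(key, msg, hashlib.sha256).digest()

def new_secret_key() -> str:
    """Generate sk locally from the OS CSPRNG (256 bits, hex encoded)."""
    return secrets.token_hex(32)

def make_cookie(user: str, expires: int, sk: str) -> str:
    """Build user name|expiration time|HMAC(user name|expiration time, k)."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    data = f"{user}|{expires}".encode()
    k = _mac(data, sk.encode())  # k = HMAC(user name|expiration time, sk)
    return f"{user}|{expires}|{_mac(data, k).hex()}"

def verify_cookie(cookie: str, sk: str, now=None):
    """Return the user name for an authentic, unexpired cookie, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, expires, tag = parts
    data = f"{user}|{expires}".encode()
    expected = _mac(data, _mac(data, sk.encode())).hex()
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        deadline = int(expires)
    except ValueError:
        return None
    now = time.time() if now is None else now
    return user if deadline >= now else None

if __name__ == "__main__":
    sk = new_secret_key()  # constructed sample values below
    cookie = make_cookie("alice", int(time.time()) + 3600, sk)
    print(verify_cookie(cookie, sk))                # authentic
    print(verify_cookie(cookie, new_secret_key()))  # sk changed
```

A cookie issued under the old key no longer verifies once sk is replaced, which is the forced re-login described above.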


  • Rattler

    If someone really has focused decidedly on your machine he will either have a man-in-between go or prepare another means to grab packages.

    So, using a “secret” key transmitted via http (like the generator mentioned above) does not really help.

    For paranoid ppl or ppl that know they're going to be attacked I would recommend using something like hotbits (http://www.fourmilab.ch/hotbits/) where the truly and genuine random password (produced from radioactive decay) is transmitted via secure server to create the key.

    My 2c, Rattler