Just finish upgrade all my wordpress blog to latest version and add in the new secret key in all the config file.
So what is this secret key ?
Secure cookies — Old Wordpress used cookies with plain data, which were pretty unsafe, but we now have a new cookie technology, where cookies are now encrypted based on new protocol which can be found here . The total cookie is now encrypted with a secret key. which is something like user name|expiration time|HMAC( user name|expiration time, k) where k = HMAC(user name|expiration time, sk) and where sk is a secret key, which you can define in your config.
via here
so add this into your wp-config.php filre
define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
But you can’t just simply add anything , BlogSecurity remind you that it need to something totally random. What you can do is make use of secret key generator by the wordpress team, it will generate a random key, just copy and paste into wp-config.php will do.
after you add in this, if you still in the wordpress admin page, it will log you out and ask you to login again, this is just to refresh the cookie.
If someone really has focused decidedly on your machine he will either have a man-inbetween go or prepare another means to grab packages.
So, using a “secret” key transmitted via http (like the generator mentioned above) does not really help.
For paranoid ppl or ppl that know theyre going to be attacked I would recommend using somethng like hotbits (http://www.fourmilab.ch/hotbits/) where the truly and genuine random password (produced from radioactive decay) is transmitted via secure server to create the key
My 2c, Rattler