Add WordPress SECRET_KEY for Secure Cookies
WordPress 2.5 has incorporated a cool feature for better cookie security. You can add a SECRET_KEY to the wordpress wp-config.php file and make cookies secure against attacks where someone has hacked into your database via an SQL injection exploit etc.
Check the latest sample wp-config-sample.php file and you will see this new line
// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit http://api.wordpress.org/secret-key/1.0/
// to get a secret key generated for you, or just make something up.
define(‘SECRET_KEY’, ‘put your unique phrase here’); // Change this to a unique phrase.
Visit api.wordpress.org/secret-key/1.0/ which will auto-generate a unique secret key everytime. Simply cut and paste and add it to your wp-config.php file. Get a different secret for each of your blogs. Here is how the key looks like.
define(‘SECRET_KEY’, ‘:qk94Q]1EB!{`&]%fWhU\”@n`\’]4S4,+ogX%) NCcri:,,%h5(,H-g%}1*>-HXX,8B’);
Ryan elaborates that don’t memorize this long code as you just need to paste and forget it. They will not ask for it again. If you ever need to force all users to log out, simply change the SECRET_KEY. Note that changing SECRET_KEY will affect only login cookies.
I have been upgrading WordPress since WP 1.5 days, and in my wp-config.php, it was missing. I simply generated a SECRET_KEY and added it to my wp-config.php file. Hooray for better blog security. Hooray for WordPress 2.5.1
Thanks for this. I never realized the importance of this.
Good security tips as of now i am not using wp 2.5
I got tired of editing my files, so I wrote a plugin to do it for me on pre-2.5 blogs – it’s free to download:
http://ActiveBlogging.com/info/how-to-change-wordpress-secret_key-plugin/
Just want to say what a great blog you got here!
I’ve been around for quite a lot of time, but finally decided to show my appreciation of your work!
Thumbs up, and keep it going!
Cheers
Christian,Earn Free Vouchers / Cash