Add WordPress SECRET_KEY for Secure Cookies

By Posted 2008 Updated   BloggingSecurityTutorialsWordPress

WordPress 2.5 has incorporated a cool feature for better cookie security. You can add a SECRET_KEY to the wordpress wp-config.php file and make cookies secure against attacks where someone has hacked into your database via an SQL injection exploit etc.

Check the latest sample wp-config-sample.php file and you will see this new line which advises you to add a SECRET_KEY. They advise it can be long and incomprehensible as you just need to cut paste it and forget it.

Visit api.wordpress.org/secret-key/1.0/ which will auto-generate a unique secret key everytime. Simply cut and paste and add it to your wp-config.php file. Get a different secret for each of your blogs. Here is how the key looks like when added to your wp-config.php file.

define('SECRET_KEY', 'YOUR_LONG_CODE');

Ryan elaborates that don’t memorize this long code as you just need to paste and forget it. They will not ask for it again. If you ever need to force all users to log out, simply change the SECRET_KEY. Note that changing SECRET_KEY will affect only login cookies.

I have been upgrading WordPress since WP 1.5 days, and in my wp-config.php, it was missing. I simply generated a SECRET_KEY and added it to my wp-config.php file. Hooray for better blog security. Hooray for WordPress 2.5.1


4 comments on “Add WordPress SECRET_KEY for Secure Cookies

  1. Ashish Mohta says:

    Thanks for this. I never realized the importance of this.

  2. Ajay says:

    Good security tips as of now i am not using wp 2.5

  3. David Pankhurst says:

    I got tired of editing my files, so I wrote a plugin to do it for me on pre-2.5 blogs – it’s free to download:
    http://ActiveBlogging.com/info/how-to-change-wordpress-secret_key-plugin/

  4. PyhonejesCony says:

    Just want to say what a great blog you got here!
    I’ve been around for quite a lot of time, but finally decided to show my appreciation of your work!

    Thumbs up, and keep it going!

    Cheers
    Christian,Earn Free Vouchers / Cash

Leave a Reply

Your email address will not be published. Required fields are marked *




css.php