Add WordPress SECRET_KEY for Secure Cookies

WordPress 2.5 has incorporated a cool feature for better cookie security. You can add a SECRET_KEY to the wordpress wp-config.php file and make cookies secure against attacks where someone has hacked into your database via an SQL injection exploit etc.

Check the latest sample wp-config-sample.php file and you will see this new line which advises you to add a SECRET_KEY. They advise it can be long and incomprehensible as you just need to cut paste it and forget it.

Visit which will auto-generate a unique secret key everytime. Simply cut and paste and add it to your wp-config.php file. Get a different secret for each of your blogs. Here is how the key looks like when added to your wp-config.php file.


Ryan elaborates that don’t memorize this long code as you just need to paste and forget it. They will not ask for it again. If you ever need to force all users to log out, simply change the SECRET_KEY. Note that changing SECRET_KEY will affect only login cookies.

I have been upgrading WordPress since WP 1.5 days, and in my wp-config.php, it was missing. I simply generated a SECRET_KEY and added it to my wp-config.php file. Hooray for better blog security. Hooray for WordPress 2.5.1