Add WordPress SECRET_KEY for Secure Cookies

WordPress 2.5 has incorporated a cool feature for better cookie security. You can add a SECRET_KEY to the wordpress wp-config.php file and make cookies secure against attacks where someone has hacked into your database via an SQL injection exploit etc.

Check the latest sample wp-config-sample.php file and you will see this new line which advises you to add a SECRET_KEY. They advise it can be long and incomprehensible as you just need to cut paste it and forget it.

Visit api.wordpress.org/secret-key/1.0/ which will auto-generate a unique secret key everytime. Simply cut and paste and add it to your wp-config.php file. Get a different secret for each of your blogs. Here is how the key looks like when added to your wp-config.php file.

define('SECRET_KEY', 'YOUR_LONG_CODE');

Ryan elaborates that don’t memorize this long code as you just need to paste and forget it. They will not ask for it again. If you ever need to force all users to log out, simply change the SECRET_KEY. Note that changing SECRET_KEY will affect only login cookies.

I have been upgrading WordPress since WP 1.5 days, and in my wp-config.php, it was missing. I simply generated a SECRET_KEY and added it to my wp-config.php file. Hooray for better blog security. Hooray for WordPress 2.5.1

Share with friends

4
Leave a Reply

Leave a Reply

  Subscribe  
newest oldest most voted
Notify of
Ashish Mohta
Ashish Mohta

Thanks for this. I never realized the importance of this.

Ajay
Ajay

Good security tips as of now i am not using wp 2.5

David Pankhurst
David Pankhurst

I got tired of editing my files, so I wrote a plugin to do it for me on pre-2.5 blogs – it’s free to download:
http://ActiveBlogging.com/info/how-to-change-wordpress-secret_key-plugin/

PyhonejesCony
PyhonejesCony

Just want to say what a great blog you got here!
I’ve been around for quite a lot of time, but finally decided to show my appreciation of your work!

Thumbs up, and keep it going!

Cheers
Christian,Earn Free Vouchers / Cash