Wordpress Secret Key & Cookie Strength

April 24th, 2008

There is a little-known feature in Wordpress 2.5 called “Secret Key”. If you’re upgrading from a previous version you probably won’t even know this feature exists, as it only appears in clean installs where you have a brand new wp-config.php.

If you’re upgrading, I’d recommend putting this line somewhere in your wp-config.php:

define('SECRET_KEY', 'YOUR SECRET KEY');

Replace YOUR SECRET KEY with a nice long random collection of junk.

Doing so will greatly increase the security of your blog by increasing your Wordpress cookie strength.

Doing this will invalidate all your logins, so everybody on your site will have to log in again. With the key set, your login cookies, if intercepted, won’t be able to be reproduced as easily. It also means that somebody who gains read-only access to your database through some other means won’t be able to log in to your site.
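To check whether an upgraded wp-config.php is missing the line or still carries a placeholder, and to produce a replacement, here is an added example (not code from this post or from Wordpress). The function names, the 32-character minimum and the sample config are assumptions made for illustration.

```python
import re
import secrets
import string

# Placeholder values that must never be left in place. The first is the one
# used in this post; the second is the default shipped in wp-config-sample.php.
PLACEHOLDERS = {"YOUR SECRET KEY", "put your unique phrase here"}
MIN_LENGTH = 32  # assumed policy threshold, not a Wordpress requirement

# Matches an active define('SECRET_KEY', '...'); line with either quote style.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])SECRET_KEY\1\s*,\s*(['"])(.*?)\2\s*\)\s*;""",
    re.MULTILINE,
)

# Exclude quotes and backslash so the key needs no escaping in a PHP string.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\"\\"
)


def audit_secret_key(config_text):
    """Return 'missing', 'placeholder', 'weak' or 'ok' for a wp-config.php body."""
    match = DEFINE_RE.search(config_text)
    if match is None:
        return "missing"
    value = match.group(3)
    if value in PLACEHOLDERS:
        return "placeholder"
    if len(value) < MIN_LENGTH or len(set(value)) < 10:
        return "weak"
    return "ok"


def new_define_line(length=64):
    """Build a define() line with a key drawn from the OS CSPRNG."""
    key = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return "define('SECRET_KEY', '%s');" % key


if __name__ == "__main__":
    # Constructed sample: an upgraded config that never had the line added.
    upgraded = "<?php\ndefine('DB_NAME', 'blog');\n$table_prefix = 'wp_';\n"
    print(audit_secret_key(upgraded))
    print(new_define_line())
```

A commented-out define line is reported as missing, because the pattern only matches a line that begins with define.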
