kieranbarnes do you know where your towel is?

Wordpress Secret Key & Cookie Strength

There is a little known feature in Wordpress 2.5 called "Secret Key". If you're upgrading from a previous version you probably won't even know this feature exists as it only appears in clean installs where you have a brand new wp-config.php.

If you're upgrading, I'd recommend putting this line somewhere in your wp-config.php

define('SECRET_KEY', 'YOUR SECRET KEY');

Replace YOUR SECRET KEY with a nice long random collection of junk.

Doing so will greatly increase the security of your blog by increasing your Wordpress cookie strenght.

Doing this will invalidate all your logins, so everybody on your site will have to relogin. This means that your login cookies, if intercepted, won't be able to be reproduced as easily. It also means that somebody who gains read-only access to your database through some other means won't be able to login to your site.

Related posts:

1. Crawl Rate Tracker and Wordpress 2.5
   I really like Patrick Altoft's Crawl Rate Tracker Plugin for Wordpress. I rolled it out...
2. How to move Wordpress directory or server – properly
   I ran into an annoying, but easily avoided problem the other day. When moving a...
3. Removing Wordpress plugin references
   I'd like remove all references Wordpress plugins put into my HTML code. Am I selfish?...
4. WP-o-Matic fix for Wordpress 2.5
   WP-o-Matic makes autoblogging a easy by automatically creating posts from the RSS/Atom feeds you give...
5. Wordpress WP-O-Matic Duplicate Posts Fix
   Got a problem with WP-O-Matic creating duplicate posts? Or just Wordpress in general. Me too....

What this article useful to you?

Let me know, buy me a beer!
Alternatively, if you're feeling impecunious, you may like to subscribe to my RSS feed, or see other articles in the Geeky, Wordpress category.