[wp-docs] Question about SECRET_KEY et al.

Xavier Borderie xavier at borderie.net
Tue Nov 11 12:20:07 GMT 2008


(cross-posted to wp-testers and wp-docs)

The Codex tells updaters to add the SECRET_KEY line to their wp-config.php file.
http://codex.wordpress.org/Upgrading_WordPress_Extended#Step_13:_Add_the_SECRET_KEY_definition_to_wp-config.php
Users could be helped with wp.org itself:
http://api.wordpress.org/secret-key/1.0/

With 2.7, this has changed:
SECRET_KEY seems to be no more, and has been replaced in
wp-config-sample.php with three lines:
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
The wp.org API has been updated to reflect that:
http://api.wordpress.org/secret-key/1.1/ now hanles these 3 lines, and
not SECRET_KEY.

So, I might be behind about this, but could someone confirm that
SECRET_KEY is no longer required for salting?
Is it deprectated, or are the 3 other lines just specialized salting,
with WP relying on SECRET_KEY if they do not exist?
Are the 3 new lines required for salting?
Could someone point me to the rationale behind this change? (trac
ticket, maybe?)

Finally, while it's safer to salt passwords, should it be made a
requirements? Or can user simply live with un-salted passwords?

Thanks a lot for any information.


-- 
Xavier Borderie


More information about the wp-docs mailing list