[wp-hackers] The security week? :)

Otto otto at ottodestruct.com
Wed Apr 16 18:10:02 GMT 2008


It would be nice if somebody had mentioned this somewhere. I didn't
even know about this until just now. And I had to search through the
code to find out what it does.

The one thing most people do not change is their wp-config.php file. I
had no idea stuff had been added to it to enable this sort of thing.


On Wed, Apr 16, 2008 at 12:04 PM, Stefano Aglietti <steagl4ml at gmail.com> wrote:
> What about this one?
>
>  I suppoee tons of updates didn't change SECRET_KEY.
>
>  If iI undesrstood right even with no secret key getting an hig level
>  access will require lot of time calculation and a stronge long
>  password eve if not salted is a good defense unless the attaccker is
>  really lucky.
>
>  The question is, secret key setting is a mandatory task? If yes would
>  be better WP check for it at first admin access and suggest user to
>  change it to avoid risks. Other solution?
>
>  --
>
>  Stefano Aglietti - StallonIt on IRCnet - ICQ#: 2078431
>  Email: steve at 40annibuttati.it steagl at people.it
>  Sites: http://www.40annibuttati.it (personal blog)
>        http://www.wordpress-it.it (WordPress Italia)
>  _______________________________________________
>  wp-hackers mailing list
>  wp-hackers at lists.automattic.com
>  http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list