[wp-polyglots] RC3 and default secret key

Bertilo Wennergren bertilow at gmail.com
Sun Mar 30 02:32:48 GMT 2008


Nikolay Bachiyski wrote:

> 2008/3/29, Francesc Hervada-Sala <francesc at hervada.org>:
>> On Friday, 28 March 2008 19:07:00, Nikolay Bachiyski wrote:
>>
>>> Except for the RC3, there is a more specific localization problem for
>>> 2.5 I would like to cover. Probably you have already seen that in the
>>> new wp-config-sample.php there is a line like:
>>>
>>> define('SECRET_KEY', 'put your unique phrase here');
>>>
>>> It is very very important that you either:
>>>
>>> 1. Do not translate 'put your unique phrase here'
>>>
>>> or
>>>
>>> 2. Translate it, but create a file named your-locale.php in
>>> wp-content/languages/ and insert the following line there:
>>>
>>> $wp_default_secret_key = 'your translated phrase here';

>>  I had already translated this string at wp-config-sample.php without putting
>>  the <locale>.php file but instead translating the same string at
>>  wp-settings.php. Is this ok, too?

> It works, but it would be better to include <locale>.php. For the next
> release you won't need to change any core files, so the transition
> will be easier if you don't have any other patches. Moreover the
> <locale>.php approach will work also if the user has the original core
> files.

But this means that the explanation in "wp-config(-sample).php" is
not complete. The current explanation only says that the user should
put a unique phrase in "wp-config.php". But actually the same phrase
needs to be put into "<locale>.php" as well. That information is
nowhere to be found. As it is now things will only work correctly
if you don't change the default "unique" phrase, but you are supposed
to change it, right?

So "wp-config(-sample).php" should actually go like this (if I
understand things correctly):

   // Change SECRET_KEY to a unique phrase.  You won't have to remember
   // it later,  so make it long and complicated.  You can visit
   // https://www.grc.com/passwords.htm
   // to get a phrase generated for you, or just make something up.
   define('SECRET_KEY', 'put your unique phrase here'); // Change this to
   // a unique phrase.
   // Also put the exact same unique phrase into the file
   // "wp-content/languages/<locale>.php" (instead of <locale> use the
   // name of the locale that you state for WP_LANG later in this file)

That, however, seems extremely complicated. Many inexperienced users
will probably not get that right. (But if there is no explanation at
all, they will most certainly get it wrong, unless they don't change
the default phrase at all, which is also wrong...)

I have however no idea what will actually go wrong if "wp-config.php"
and "<locale>.php" have different unique phrases... The sky will fall
on someone's head, I guess...

-- 
Bertilo Wennergren <http://bertilow.com>
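Added example, not part of the original message or of WordPress itself: a packaging check for the rule Nikolay gives above, that the placeholder in a localized wp-config-sample.php is either left in English or repeated exactly as $wp_default_secret_key in <locale>.php. The function names and the French sample phrase are constructed for illustration.

```python
import re
from typing import List, Optional

# English placeholder quoted in the thread.
ENGLISH_DEFAULT = "put your unique phrase here"

# A quoted PHP string literal; backslash escapes are allowed inside it.
_STR = r"(?P<q>['\"])(?P<val>(?:\\.|(?!(?P=q)).)*)(?P=q)"
DEFINE_RE = re.compile(r"define\s*\(\s*['\"]SECRET_KEY['\"]\s*,\s*" + _STR + r"\s*\)")
LOCALE_RE = re.compile(r"\$wp_default_secret_key\s*=\s*" + _STR + r"\s*;")


def _literal(match: "re.Match") -> str:
    """Undo the \\' (or \\") and \\\\ escapes of the matched PHP literal."""
    quote = match.group("q")
    return re.sub(r"\\([\\" + quote + r"])", r"\1", match.group("val"))


def check_package(config_sample: str, locale_php: Optional[str]) -> List[str]:
    """Return a list of problems; an empty list means the package is consistent."""
    found = DEFINE_RE.search(config_sample)
    if not found:
        return ["wp-config-sample.php has no SECRET_KEY define"]
    placeholder = _literal(found)

    declared = None
    if locale_php is not None:
        loc = LOCALE_RE.search(locale_php)
        declared = _literal(loc) if loc else None

    if declared is None:
        if placeholder != ENGLISH_DEFAULT:
            return ["placeholder is translated but <locale>.php does not set "
                    "$wp_default_secret_key"]
        return []
    if placeholder != declared:
        return ["placeholder %r differs from $wp_default_secret_key %r"
                % (placeholder, declared)]
    return []


# Constructed sample files (the translated phrase is made up for this example).
SAMPLE_CONFIG = r"""define('SECRET_KEY', 'saisissez ici une phrase d\'exemple'); // Change this"""
SAMPLE_LOCALE = r"""<?php $wp_default_secret_key = 'saisissez ici une phrase d\'exemple'; ?>"""

if __name__ == "__main__":
    print(check_package(SAMPLE_CONFIG, SAMPLE_LOCALE) or "consistent")
```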

