[wp-hackers] The security week? :)

Stefano Aglietti steagl4ml at gmail.com
Wed Apr 16 17:04:12 GMT 2008

What about this one?

I suppoee tons of updates didn't change SECRET_KEY.

If iI undesrstood right even with no secret key getting an hig level
access will require lot of time calculation and a stronge long
password eve if not salted is a good defense unless the attaccker is
really lucky.

The question is, secret key setting is a mandatory task? If yes would
be better WP check for it at first admin access and suggest user to
change it to avoid risks. Other solution?


Stefano Aglietti - StallonIt on IRCnet - ICQ#: 2078431
Email: steve at 40annibuttati.it steagl at people.it
Sites: http://www.40annibuttati.it (personal blog)
       http://www.wordpress-it.it (WordPress Italia)

More information about the wp-hackers mailing list