[wp-hackers] The security week? :)

Otto otto at ottodestruct.com
Wed Apr 16 21:10:20 GMT 2008

On Wed, Apr 16, 2008 at 2:16 PM, Mark Jaquith <mark.wordpress at txfx.net> wrote:
>  We have a couple options here:
>  1. Spread the word and encourage people to add it.
>  2. Have a "nag" in wp-admin that generates a random salt, prints the
> define('SECRET_KEY', $random_salt); line and tells you to add it to
> wp-config.php
>  3. Try to automatically add the SECRET_KEY define() to wp-config.php and
> fall back to #2 if we cannot.
>  #1 is going to result in very few people utilizing the feature.  #2 or #3
> is probably the way to go.

I like all of the above. Step 1, nag the user with a yellow box, like
with an upgrade (You need to create a secret key!). Step 2, give them
a page linked from said yellow box to generate one and save it
automatically or present it to them and have them do it themselves.
Should simply be a good long random string.

More information about the wp-hackers mailing list