[wp-hackers] The security week? :)

MichaelH justmichaelh at gmail.com
Thu Apr 17 13:48:33 GMT 2008

So is the following accurate?

1. For a new WordPress installation, it is HIGHLY RECOMMENDED to replace the 
'put your unique phrase here' with your own SECRET_KEY phrase.

2. If you don't change the 'put your unique phrase here'  phrase, you are 
actually better off deleting the SECRET_KEY definition from wp-config.php.

3. For users upgrading from pre 2.5 versions, it is recommended to add the 
SECRET_KEY definition to wp-config.php after doing the upgrade.

4. And again, for upgrading users, if they don't add the SECRET_KEY 
definition to their existing wp-config.php, that is okay.

5.  At any time, you can change the SECRET_KEY value in wp-config.php and 
NOT cause problems when users log in with their existing password.

Thank you for your reply.


More information about the wp-hackers mailing list