WordPress 2.5 SECRET_KEY

The New WordPress 2.5 has intoduced a security feature for wordpress cookies called SECRET_KEY. It will make cookies secure against attacks where someone has hacked into your database via an SQL injection exploit. SECRET_KEY is defined in the wp-config-sample.php file like this :

// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit http://api.wordpress.org/secret-key/1.0/
// to get a secret key generated for you, or just make something up.
define(’SECRET_KEY’, ‘put your unique phrase here’); // Change this to a unique phrase.


If you have installed WordPress 2.5 and copied your previous wp-config.php file to the installation you will not get the New security feature. So Update the wp-config-sample provided with WordPress 2.5 Version defining a SECRET_KEY along with other attributes like Host Name, Database Name, Database User Name, Database Password.

You can generate a Strong Random SECRET_KEY through this url :

http://api.wordpress.org/secret-key/1.0/

Everytime you visit this site or refresh the page it will generate a new SECRET_KEY. Copy the generated line and replace it in the wp-config.php fille and save it.

If you ever need to force all users to log out, simply change the SECRET_KEY. Changing SECRET_KEY will affect only login cookies.