Comments on: Don't forget to add a SECRET_KEY to WordPress http://www.mickmel.com/blog/200804/dont-forget-to-add-a-secret_key-to-wordpress/ My take on social media and SEO Wed, 10 Mar 2010 11:10:33 -0500 http://wordpress.org/?v=2.9.2 hourly 1 By: Elaine Vigneault http://www.mickmel.com/blog/200804/dont-forget-to-add-a-secret_key-to-wordpress/comment-page-1/#comment-155 Elaine Vigneault Tue, 29 Apr 2008 05:55:00 +0000 http://www.mickmelseo.com/?p=73#comment-155 Thanks :) I needed that reminder. Thanks :) I needed that reminder.

]]> By: Mickey http://www.mickmel.com/blog/200804/dont-forget-to-add-a-secret_key-to-wordpress/comment-page-1/#comment-154 Mickey Mon, 28 Apr 2008 19:42:31 +0000 http://www.mickmelseo.com/?p=73#comment-154 I would guess they always hope that it's wrapped in Kevlar (especially if they call it a "secure" release), but people will eventually find a hole. If nothing else, this should say "Don't mess with the cookies -- you're not getting in. Look elsewhere." I really don't know enough about security to fully understand it. However, if it makes WordPress 0.1% more secure, then I'm all for it. Getting hacked just makes for a bad day. I would guess they always hope that it’s wrapped in Kevlar (especially if they call it a “secure” release), but people will eventually find a hole. If nothing else, this should say “Don’t mess with the cookies — you’re not getting in. Look elsewhere.”

I really don’t know enough about security to fully understand it. However, if it makes WordPress 0.1% more secure, then I’m all for it. Getting hacked just makes for a bad day.

]]> By: David Bradley http://www.mickmel.com/blog/200804/dont-forget-to-add-a-secret_key-to-wordpress/comment-page-1/#comment-153 David Bradley Mon, 28 Apr 2008 19:39:35 +0000 http://www.mickmelseo.com/?p=73#comment-153 Point taken, but if the vulnerability has wrapped in Kevlar, then a strip of duct tape over the top ain't gonna bolster your defenses. Of course, if the new 2.5.1 security is just wads of duct tape, then some extra bullet proofing will be welcome. I've implemented the tip regardless, but then I have been known on occasion to tie a double bow in my running shoes too ;-) db Point taken, but if the vulnerability has wrapped in Kevlar, then a strip of duct tape over the top ain’t gonna bolster your defenses. Of course, if the new 2.5.1 security is just wads of duct tape, then some extra bullet proofing will be welcome. I’ve implemented the tip regardless, but then I have been known on occasion to tie a double bow in my running shoes too ;-)

db

]]> By: Mickey http://www.mickmel.com/blog/200804/dont-forget-to-add-a-secret_key-to-wordpress/comment-page-1/#comment-152 Mickey Mon, 28 Apr 2008 19:33:53 +0000 http://www.mickmelseo.com/?p=73#comment-152 David - That's my understanding, yes. However, isn't a bit of redundant security a good thing, especially on something that people work so hard to crack? David – That’s my understanding, yes. However, isn’t a bit of redundant security a good thing, especially on something that people work so hard to crack?

]]> By: David Bradley http://www.mickmel.com/blog/200804/dont-forget-to-add-a-secret_key-to-wordpress/comment-page-1/#comment-151 David Bradley Mon, 28 Apr 2008 19:31:03 +0000 http://www.mickmelseo.com/?p=73#comment-151 If I read you correctly and version 2.5.1 is secure, then isn't adding the secret key redundant? db If I read you correctly and version 2.5.1 is secure, then isn’t adding the secret key redundant?

db

]]> By: Paula Hawk http://www.mickmel.com/blog/200804/dont-forget-to-add-a-secret_key-to-wordpress/comment-page-1/#comment-150 Paula Hawk Mon, 28 Apr 2008 19:14:42 +0000 http://www.mickmelseo.com/?p=73#comment-150 Thanx for this post - I'm so slow on updating and things on my personally hosted sites, this could have caused me BIG problems! :) Thanx for this post – I’m so slow on updating and things on my personally hosted sites, this could have caused me BIG problems! :)

]]>