I thought it was enough to just use the SECRET_KEY constant in WordPress, but they went ahead and deprecated it in WordPress 2.6. That sucks. Really does, because everyone will have to define the new constants to get the advantage, if they even changed it for WordPress 2.5.
The new constants are AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY. I could guess what they are for, but I suppose everyone else can too.
Whatever, just make sure to define them when you upgrade and remove the SECRET_KEY definition in your wp-config.php file. It does appear that they’ve been better named for their handling of authentication and to make sure that if one key is found through clever hacking that it will only affect one part of WordPress and allow the others to function.
This will make WordPress more secure, but also more annoying. Well, initially. Do you know how lazy I am when it comes to editing the wp-config.php file? Pretty damn lazy, but I’m going to do it, as soon as I “svn up” and the new constants are active.
Possibly Related Posts:
- WordPress Plugin and Theme Scope
- What I’ve Learned From WordPress
- Why Do I Feel Like an Asshole When Criticizing WordPress?
- PHP5 Straw Man Argument
- WordPress 2.7 Changes Class for Plugins