Additional security to Wordpress

Posted by John Williams

August 7, 2008

Browsing around for security tips (trying to work out an issue on my work blog), I came across:

http://boren.nu/archives/2008/07/14/ssl-and-cookies-in-wordpress-26/

define(’AUTH_KEY’, ‘put your unique phrase here’);
define(’SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(’LOGGED_IN_KEY’, ‘put your unique phrase here’);

These three keys increase the security of your browser cookies, making wordpress more secure to normal users. These keys are only useful if your are implementing a mixed HTTP/SSL environment. If you are using HTTP only, the you should stick with

define(’SECRET_KEY’, ‘put your unique phrase here’);

Added in 2.5, used to increase security of your browser cookies in an all plain text website (HTTP only).

define(’FORCE_SSL_LOGIN’, true);

Force usage of SSL for login and admin pages.

define(’FORCE_SSL_ADMIN’, true);

Force usage of SSL for admin pages only, login still uses HTTP.

Security, WebDev

If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments

No comments yet.

Additional security to Wordpress

Comments

Leave a comment

Search

Archives

Categories

Recent Posts

Meta

ASPECT Scripting

Gaming

Misc

Music

Nortel

Photography

Social Networking

WebDev

My Amazon Favorites

All About Nortel

News Topix: Nortel

Security Headlines

News Headlines