Browsing around for security tips (trying to work out an issue on my work blog), I came across:
http://boren.nu/archives/2008/07/14/ssl-and-cookies-in-wordpress-26/
define(’AUTH_KEY’, ‘put your unique phrase here’);
define(’SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(’LOGGED_IN_KEY’, ‘put your unique phrase here’);
These three keys increase the security of your browser cookies, making wordpress more secure to normal users. These keys are only useful if your are implementing a mixed HTTP/SSL environment. If you are using HTTP only, the you should stick with
define(’SECRET_KEY’, ‘put your unique phrase here’);
Added in 2.5, used to increase security of your browser cookies in an all plain text website (HTTP only).
define(’FORCE_SSL_LOGIN’, true);
Force usage of SSL for login and admin pages.
define(’FORCE_SSL_ADMIN’, true);
Force usage of SSL for admin pages only, login still uses HTTP.
Follow me on Twitter 