[wp-hackers] The security week? :)
otto at ottodestruct.com
Wed Apr 16 18:10:02 GMT 2008
It would be nice if somebody had mentioned this somewhere. I didn't
even know about this until just now. And I had to search through the
code to find out what it does.
The one thing most people do not change is their wp-config.php file. I
had no idea stuff had been added to it to enable this sort of thing.
On Wed, Apr 16, 2008 at 12:04 PM, Stefano Aglietti <steagl4ml at gmail.com> wrote:
> What about this one?
> I suppoee tons of updates didn't change SECRET_KEY.
> If iI undesrstood right even with no secret key getting an hig level
> access will require lot of time calculation and a stronge long
> password eve if not salted is a good defense unless the attaccker is
> really lucky.
> The question is, secret key setting is a mandatory task? If yes would
> be better WP check for it at first admin access and suggest user to
> change it to avoid risks. Other solution?
> Stefano Aglietti - StallonIt on IRCnet - ICQ#: 2078431
> Email: steve at 40annibuttati.it steagl at people.it
> Sites: http://www.40annibuttati.it (personal blog)
> http://www.wordpress-it.it (WordPress Italia)
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers