[wp-hackers] The security week? :)
Otto
otto at ottodestruct.com
Wed Apr 16 21:10:20 GMT 2008
On Wed, Apr 16, 2008 at 2:16 PM, Mark Jaquith <mark.wordpress at txfx.net> wrote:
> We have a couple options here:
>
> 1. Spread the word and encourage people to add it.
> 2. Have a "nag" in wp-admin that generates a random salt, prints the
> define('SECRET_KEY', $random_salt); line and tells you to add it to
> wp-config.php
> 3. Try to automatically add the SECRET_KEY define() to wp-config.php and
> fall back to #2 if we cannot.
>
> #1 is going to result in very few people utilizing the feature. #2 or #3
> is probably the way to go.
I like all of the above. Step 1, nag the user with a yellow box, like
with an upgrade (You need to create a secret key!). Step 2, give them
a page linked from said yellow box to generate one and save it
automatically or present it to them and have them do it themselves.
Should simply be a good long random string.
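
The flow discussed in this thread (generate a long random key, try to write the define() into wp-config.php, otherwise show the line for the admin to paste), as an added example that is not part of the original post and is not WordPress core code. The function names, the key length, the alphabet and the sample config file are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code; all function names are hypothetical.

// Alphabet omits ' and \ so the key is always safe inside a single-quoted PHP string.
const KEY_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#%^&*()-_[]{}<>~+=,.;:/?|';

// Build the key from the OS CSPRNG; random_int() avoids modulo bias.
function generate_secret_key(int $length = 64): string
{
    $max = strlen(KEY_ALPHABET) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= KEY_ALPHABET[random_int(0, $max)];
    }
    return $key;
}

// Option 3 from the thread, falling back to option 2.
// Returns ['status' => 'present'|'written'|'manual', 'line' => string|null].
function install_secret_key(string $config_path): array
{
    $line = "define('SECRET_KEY', '" . generate_secret_key() . "');";
    $src  = is_readable($config_path) ? file_get_contents($config_path) : false;

    // Never replace a key that is already defined.
    if ($src !== false && preg_match('/define\(\s*[\'"]SECRET_KEY[\'"]/', $src)) {
        return ['status' => 'present', 'line' => null];
    }
    // Insert directly after the opening tag when the file is writable.
    if ($src !== false && is_writable($config_path) && strncmp($src, '<?php', 5) === 0) {
        $new = "<?php\n" . $line . substr($src, 5);
        if (file_put_contents($config_path, $new, LOCK_EX) !== false) {
            return ['status' => 'written', 'line' => null];
        }
    }
    // Fallback: hand the line back so an admin-only page can display it.
    return ['status' => 'manual', 'line' => $line];
}

// Demo against a constructed sample config in a temp file.
$tmp = tempnam(sys_get_temp_dir(), 'wpcfg');
file_put_contents($tmp, "<?php\n// constructed sample wp-config.php\ndefine('DB_NAME', 'example');\n");
echo install_secret_key($tmp)['status'], "\n"; // first call writes the key
echo install_secret_key($tmp)['status'], "\n"; // second call finds it already defined
unlink($tmp);
```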