WordPress 2.5 New Security Feature

Chris Kasten from Solo Technology wrote about a new security feature found in WordPress 2.5 that a lot of you upgrading may have missed.

WP 2.5 introduced a “security key” that you add to your wp-config.php file. When I upgrade, I don’t touch that file, and there you go. Missed.

I usually check that file after an upgrade, but I didn’t this time. That’s what I get for being lazy! So, thanks to Chris, I was able to add the security key.

How do you add the security key? It’s easy, in fact even the updated wp-config.php file tells you where to go. Head to the WordPress site and it will generate one for you automatically.

What does it do?

Doing this will invalidate all your logins, so everybody on your site will have to relogin, but doing it will greatly increase the cookie strength of WordPress 2.5. This means that your login cookies, if intercepted, won’t be able to be reproduced as easily. It also means that somebody who gains read-only access to your database through some other means won’t be able to login to your site.

Chris says more about this on his blog. I recommended reading it so you don’t miss this important security feature!