
Setting the WordPress 2.5 Secret Key

I’ve been exploring the WordPress 2.5 Release Candidate 1. I found a few bugs that are probably related to AJAX or JavaScript under Safari 3.04. I made a few suggestions and comments for part of the new design aspect of the Administrative section. But one interesting thing I haven’t seen mentioned anywhere is WP 2.5’s “Secret Key.”

When you set up WordPress, you put your database settings in the wp-config.php file. There is a new line there:

// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit https://www.grc.com/passwords.htm
// to get a phrase generated for you, or just make something up.
define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.

While I’m not sure what the “secret key” is used for, I prefer using my own pass phrases and passwords. I generally use the pwgen program to generate my passwords. This command

pwgen --numerals --capitalize --symbols --secure 64

entered in my PowerBook’s Terminal gave me a good password. You can install pwgen for OS X with these instructions: Building pwgen on Mac OS X. Why use pwgen over grc.com? Why not? It’s good to have options.
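A generated phrase that includes symbols can contain `'` or `\`, and either one has to be escaped before it is pasted between the single quotes of the define() line. The sketch below is an added example, not code from WordPress or from this post: the function names are hypothetical, and it reads /dev/urandom instead of calling pwgen so that it runs where pwgen is not installed.

```bash
# Added example. gen_secret, php_squote, secret_key_line and has_default_key
# are hypothetical helper names, not part of WordPress or pwgen.

# Print LEN (default 64) random printable ASCII characters, symbols included,
# drawn from the kernel CSPRNG.
gen_secret() {
  len=${1:-64}
  LC_ALL=C tr -dc '!-~' < /dev/urandom | head -c "$len"
}

# Escape a string for use inside a PHP single-quoted literal.
# Backslashes are doubled first, then single quotes are backslash-escaped;
# doing it in the other order would double the backslash just added.
php_squote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# Emit a ready-to-paste line for wp-config.php.
secret_key_line() {
  printf "define('SECRET_KEY', '%s');\n" "$(php_squote "$1")"
}

# Succeed (exit 0) if the given config file still carries the shipped
# placeholder phrase, i.e. the key was never changed.
has_default_key() {
  grep -Fq 'put your unique phrase here' "$1"
}

# Print one fresh define() line when the file is run directly.
secret_key_line "$(gen_secret 64)"
```

Running `has_default_key wp-config.php` against an installed copy reports whether the placeholder line was ever replaced.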

6 Comments

  1. emarts says:

    I have the same question, what is SECRET_KEY?

  2. Dan says:

    I wondered about this too. It struck me that not many people overwrite wp-config.php, so this value is going to be missed on a lot of upgrades. How much of a problem is that, I wonder…

  3. Emre Yashin says:

    Wow, it’s very mysterious. I think in a month or something we will learn more about that secret key. At first I thought it was another password. Then I thought, why would we need another password? 🙂 You see, it’s complicated.

  4. Phil Rogers says:

    The Secret Key is not so mysterious.
    It is used as a “seed” for the random number generator when WordPress encrypts passwords.

    If every blog had the same seed, then it would be easier for hackers to work out passwords. By changing your seed (or Secret Key) it makes it almost impossible to crack.

  5. Asian Blogger says:

    Phil Rogers,
    Thanks for explaining about the Secret Key. I thought it was something like a password recovery question.

  6. […] application. It’s late now, so I’ll complete my upgrades in the morning. Related Posts: Setting the WordPress 2.5 Secret Key, March 19, 2008; How to Make the WordPress Login Cookie Last Longer Than Two Weeks, June 30, 2008. If […]