Monday, April 28th, 2008

WordPress 2.5.1 is out – note the new step to increase security


There are some important security updates in WordPress 2.5.1, so update when you can. I also noticed an added security measure they've included: a secret key, set in the config file, that is used when hashing cookies. (Check out the last paragraph.)

http://wordpress.org/development/2008/04/wordpress-251/

Secret lives of blogs

Since 2.5 your wp-config.php file allows a new constant called SECRET_KEY which basically is meant to introduce a little permanent randomness into the cryptographic functions used for cookies in WordPress. You can visit this link we set up to get a unique secret key for your config file. (It’s unique and random on every page load.) Having this line in your config file helps secure your blog.

Many thanks to Steven Murdoch for responsibly reporting the security issue (CVE-2008-1930) and Alex Concha for reporting an XSS issue.
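
As an added illustration (not part of the original post and not WordPress's own cookie code), this PHP example shows what a per-site secret buys when a cookie carries a keyed hash: a cookie whose hash was computed with any other key fails verification. The helper names, the `user|expiry|mac` layout and the use of HMAC-SHA-256 are assumptions made for the example.

```php
<?php
// Added example: a generic keyed-hash cookie, NOT WordPress's implementation.
// In wp-config.php the constant holds one fixed random value per site;
// here it is generated per run so the script is self-contained.
define('SECRET_KEY', bin2hex(random_bytes(32)));

// Hypothetical helper: build "user|expiry|mac" with the MAC keyed by the secret.
function issue_cookie(string $user, int $expiry, string $key): string {
    if ($user === '' || strpos($user, '|') !== false) {
        throw new InvalidArgumentException('user must be non-empty and contain no "|"');
    }
    $mac = hash_hmac('sha256', $user . '|' . $expiry, $key);
    return $user . '|' . $expiry . '|' . $mac;
}

// Hypothetical helper: return the user name if the cookie is authentic and unexpired.
function verify_cookie(string $cookie, string $key, int $now): ?string {
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;                       // malformed
    }
    [$user, $expiry, $mac] = $parts;
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;                       // bad or expired timestamp
    }
    $expected = hash_hmac('sha256', $user . '|' . $expiry, $key);
    // hash_equals compares in constant time
    return hash_equals($expected, $mac) ? $user : null;
}

$now = time();

// 1. Cookie issued by the site itself verifies.
$good = issue_cookie('alice', $now + 3600, SECRET_KEY);
var_dump(verify_cookie($good, SECRET_KEY, $now));

// 2. Cookie built by someone who does not know the secret (constructed
//    guess key) is rejected, even though its format is valid.
$guessed = issue_cookie('alice', $now + 3600, 'a guessable phrase');
var_dump(verify_cookie($guessed, SECRET_KEY, $now));

// 3. Changing the user name without recomputing the MAC is rejected.
$tampered = preg_replace('/^alice/', 'admin', $good);
var_dump(verify_cookie($tampered, SECRET_KEY, $now));
```

Changing the configured secret invalidates every cookie issued under the old value, so existing sessions have to log in again.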

Posted by md on April 28th, 2008 | Filed in Open Source Software, WordPress