Web Talk

In order to improve security in your Wordpress blog, the new version of this wonderful Content Management System has seen the birth of a new way of tightening your security by creating a unique and hard to find number when calculating hash value to encrypt password, especially on cookie authentication. This trick highly prevents hackers who use specific software to brute force your admin account. But, where can you find and use this new feature called “the secret key”? Simple, first of all open the Wordpress zipped file or, alternatively, gain access to your blog by using a FTP software. Look for wp-config-sample.php (if you just installed Wordpress) or wp-config.php (if you have a running blog), open it and look for the following piece of code:

// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit https://www.grc.com/passwords.htm
// to get a phrase generated for you, or just make something up.
define(’SECRET_KEY’, ‘put your unique phrase here’); // Change this to a unique phrase.

Now, just change “define(’SECRET_KEY’, ‘put your unique phrase here’)” by writing a long and hard to guess password. I would like you to remember that the longer and “mixed” it is the better your will be protected against malevolt people. But what do I mean when I say “mixed”? When creating a new password you should keep in your mind what specific software used by hackers are and do. They are huge databases trying to fill in your admin form with all kind of words to gain full access to your blog. They also try to combine words, use capital letters and special characters and such. It is evident that the more messed-up a password is, the better. To give you an example you SHOULD NOT USE a password like this: johnthebest198606. You SHOULD USE instead a password such: RiGhTPaSs$56*8@2Ok. This lessen the chance that some program may, even by change, guess your password. In case you are not creative enough, you can use this simple Web Tool, directly provided by Wordpress that makes the hard job for you, namely find out a very hard-to-guess password. Here is the link.