Use PHP7's random_int()
CSPRNG functionality in wp_rand()
with a fallback to the random_compat
library for PHP 5.x.
random_compat
offers a set of compatible functions for older versions of PHP, filling in the gap by using other PHP extensions when available.
We still include our existing wp_rand()
functionality as a fallback for when no proper CSPRNG exists on the system.
Take Two, this was previously committed in [34922] but had an issue on PHP 5.2 which sarciszewski has now resolved.
Props sarciszewski
See #28633