WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#11764 closed enhancement (wontfix)

move secret_salt_warning() over into the global WP functionality

Reported by: Denis-de-Bernardy Owned by: ryan
Milestone: Priority: normal
Severity: normal Version: 3.0
Component: Security Keywords: 2nd-opinion health-check
Focuses: multisite Cc:

Description

secret_salt_warning() adds a warning that prompts users to add a couple of defines to their site so as to reenforce its security. We should turn this on by default, rather than just for multisite installations.

Change History (6)

comment:1 nacin4 years ago

  • Keywords multisite added

comment:2 follow-up: nacin4 years ago

  • Keywords health-check added

Related (keys and their defaults): #12081.

Thinking that for non-MS this might be better as part of the health check plugin.

comment:3 nacin4 years ago

#12159 should ensure new installs are at least secure. We're also addressing salts in Tools > Network.

secret_salt_warning() is missing NONCE_SALT. I don't think we should add it until we can fix #12142 simultaneously.

comment:4 wpmuguru4 years ago

(In [13768]) add NONCE_SALT to secret_salt_warning(), see #11764

comment:5 in reply to: ↑ 2 wpmuguru4 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Replying to nacin:

Related (keys and their defaults): #12081.

Thinking that for non-MS this might be better as part of the health check plugin.

I agree. An end user implementing the SALTS/KEYS may have login issues (possibly all users) as is documented in #12142.

I'm closing. If someone strenuously objects they can re-open.

comment:6 nacin4 years ago

  • Milestone 3.0 deleted

I agree.

Something tells me that #12142 is exacerbated by a bug somewhere in MS, as changing, adding or removing keys and salts in single-install WP doesn't seem to cause problems, beyond a logout.

Note: See TracTickets for help on using tickets.