WordPress.org

Make WordPress Core

Opened 4 weeks ago

Last modified 4 weeks ago

#44425 new enhancement

Add WP_CACHE_KEY_SALT to WordPress.org secret-key service

Reported by: paulschreiber Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

Currently, the WordPress.org secret-key service

https://api.wordpress.org/secret-key/1.1/salt/

generates AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT and NONCE_SALT.

It would be helpful if it also generated WP_CACHE_KEY_SALT. That way, people who install the object-cache.php drop-in would be less likely to experience unexpected behaviour.

See also: https://github.com/Automattic/wp-memcached/issues/31

Change History (2)

#1 @kraftbj
4 weeks ago

I cross-posted this to a new Meta ticket at https://meta.trac.wordpress.org/ticket/3678 for the API changes.

On the Core side, shall we add WP_CACHE_KEY_SALT to wp-config-sample.php, wp-admin/setup-config.php, wp-admin/maint/repair.php, etc?

#2 @Otto42
4 weeks ago

WordPress code does not contain "WP_CACHE_KEY_SALT" anywhere in it. Is this for a plugin or something? Seems like the plugin should generate the salt in this case.

Additionally, the WordPress.org API isn't generally used to generate these anymore, core generates these values itself on installation. The salt API still exists as a fallback, but hopefully the random-compat library is now considered random enough to not rely on external sources of entropy.

Also, if we were to modify the API, then we probably would want to add it to a 1.2 endpoint, not the existing 1.1 one. Just so we're not sending out values that are not actually needed.

So, unless there's a really good reason behind this that I don't know about, I'm guessing this is a wontfix.

Last edited 4 weeks ago by Otto42 (previous) (diff)
Note: See TracTickets for help on using tickets.