Kenneth F. Belva

WordPress 2.4 to use Secure Cookies and Passwords

From Ryan Boren regarding WordPress version 2.4 security:

The new cookie protocol will allow us to enforce expirations server-side, mass invalidate all cookies, and offer high-level confidentiality. Read the Liu paper for details on the protocol, and see ticket 5367 for details on our implementation of the protocol.

In conjunction with the new cookies, password hashing will be improved by moving to phpass. phpass provides password stretching and salting. These make brute-forcing your password hashes impractical should someone get access to your database

Post a Comment

Your email is never published nor shared. Required fields are marked *