Cloudron Forum


Where the COOKIEHASH comes from ?

Solved WordPress (Developer)
6 Posts 3 Posters 441 Views
  • JOduMonT wrote (#1)

    I saw in my wp-config.php a COOKIEHASH which is supposed to be (if I understood correctly) an md5 of siteurl.

    The one generated in my wp-config is not a valid md5.
    I mean it contains invalid characters such as g-z.
    example: define( 'COOKIEHASH', md5('iNhg1WZsm5nYEHY9OYsKyhFJ7yo4B53s') );

    1 Reply Last reply
    0
  • Lonkle wrote (#2)

    There are best practices but the COOKIEHASH can be anything. I see 3 potential reasons for changing it:

    • Block bot attempted Logins with the custom cookie constant

    • Two installations can potentially (but unlikely) have a conflict in the login (cannot be logged into both at once in the same browser instance). This solves that!

    • Security through obscurity as this is one less thing to identify your site as run by WordPress

    That’s all I’ve got. I never customized mine, but after writing about it I think I will. Thanks for bringing this up!

    JOduMonTJ 1 Reply Last reply
    0
  • JOduMonT replied to Lonkle (#3)

    @Lonk thanks for the clarification
    so this code is not generated by the WordPress installation and it is a parameter Cloudron added for more security ?

    LonkleL girishG 2 Replies Last reply
    0
  • Lonkle replied to JOduMonT (#4)

    @JOduMonT I have the Developer Edition and it’s not in mine?

    1 Reply Last reply
    0
  • girish (Staff) replied to JOduMonT (#5)

    @JOduMonT said in Where the COOKIEHASH comes from ?:

    so this code is not generated by the WordPress installation and it is a parameter Cloudron added for more security ?

    Yes, we added it in the package. I installed a whole bunch of security plugins like WP Fence, SecuPress and what not and ran all the scans. One of the scans suggested that this be set to a more random value than the default for more security. Currently, this is only set for new installations.

    LonkleL 1 Reply Last reply
    1
  • Lonkle replied to girish (#6)

    @girish That makes sense why it wasn’t in mine. I’m planning to reinstall anyway for LDAP support so I’ll let your install script add the custom COOKIEHASH for me. ☺️

    1 Reply Last reply
    0
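
The relationship discussed in this thread, as an added example that is not part of the original posts or of the Cloudron package: when wp-config.php defines nothing, WordPress core sets COOKIEHASH to md5 of the siteurl option and appends it to its auth cookie names, so the default can be derived from the site URL, while a package-set `md5('<random string>')` cannot. The sketch checks which case a set of cookie names falls into; the site URL, the cookie lists and the function names are constructed for illustration.

```python
import hashlib
import re

# Cookie-name prefixes that WordPress core joins with COOKIEHASH (longest first).
PREFIXES = ("wordpress_logged_in_", "wordpress_sec_", "wordpress_")
HEX32 = re.compile(r"[0-9a-f]{32}")


def default_cookiehash(siteurl):
    """Core's fallback when wp-config.php defines nothing: md5 of siteurl."""
    return hashlib.md5(siteurl.encode("utf-8")).hexdigest()


def configured_cookiehash(secret):
    """Result of a wp-config.php line of the form md5('<secret>')."""
    return hashlib.md5(secret.encode("utf-8")).hexdigest()


def extract_hashes(cookie_names):
    """Collect the 32-hex-digit COOKIEHASH suffix from auth cookie names."""
    found = set()
    for name in cookie_names:
        for prefix in PREFIXES:
            if name.startswith(prefix) and HEX32.fullmatch(name[len(prefix):]):
                found.add(name[len(prefix):])
                break
    return found


def audit(siteurl_variants, cookie_names):
    """'default' if a cookie hash equals md5(siteurl), else 'custom' or 'none'."""
    observed = extract_hashes(cookie_names)
    if not observed:
        return "none"
    derivable = {default_cookiehash(u) for u in siteurl_variants}
    return "default" if observed & derivable else "custom"


if __name__ == "__main__":
    # Constructed sample: hypothetical site URL, with and without trailing slash.
    urls = ["https://blog.example.test", "https://blog.example.test/"]
    # The md5() argument quoted in the first post; the digest is still plain hex.
    custom = configured_cookiehash("iNhg1WZsm5nYEHY9OYsKyhFJ7yo4B53s")
    print(custom, len(custom))
    print(audit(urls, ["wordpress_logged_in_" + default_cookiehash(urls[0])]))
    print(audit(urls, ["wordpress_test_cookie", "wordpress_sec_" + custom]))
```

The string passed to `md5()` in wp-config.php is only the input; the value that ends up in the cookie name is its 32-character hexadecimal digest.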
