Where does the COOKIEHASH come from?
-
I saw in my wp-config.php a COOKIEHASH which is supposed to be (if I understood well) an md5 of siteurl.
The one generated in my wp-config is not a valid md5.
I mean it contains invalid characters such as g-z.
Example: define( 'COOKIEHASH', md5('iNhg1WZsm5nYEHY9OYsKyhFJ7yo4B53s') );
-
There are best practices but the COOKIEHASH can be anything. I see 3 potential reasons for changing it:
• Block bot-attempted logins with the custom cookie constant
• Two installations can potentially (but unlikely) have a conflict in the login (cannot be logged into both at once in the same browser instance). This solves that!
• Security through obscurity, as this is one less thing to identify your site as run by WordPress
That’s all I’ve got. I never customized mine, but after writing about it I think I will. Thanks for bringing this up!
-
@Lonk thanks for the clarification.
So this code is not generated by the WordPress installation and it is a parameter Cloudron added for more security?
-
@JOduMonT said in Where does the COOKIEHASH come from?:
so this code is not generated by the WordPress installation and it is a parameter Cloudron added for more security?
Yes, we added it in the package. I installed a whole bunch of security plugins like WP Fence, SecuPress and whatnot and ran all the scans. One of the scans suggested that this be set to a more random value than the default for more security. Currently, this is only set for new installations.
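As an added illustration (not part of the thread or of Cloudron's package), this Python script reads a wp-config.php, works out the COOKIEHASH value the site ends up with, and checks whether it still equals WordPress's md5(siteurl) fallback, in which case the login cookie name can be computed from the public URL. The site URL and the helper names are assumptions made for the example; the define line is the one quoted in the first post.

```python
import hashlib
import re

# Recognizes define('COOKIEHASH', md5('seed')) and define('COOKIEHASH', 'value').
# It does not evaluate PHP, so any other form falls through to the default branch.
DEFINE_RE = re.compile(
    r"""define\(\s*['"]COOKIEHASH['"]\s*,\s*(md5\(\s*)?['"]([^'"]*)['"]\s*\)?\s*\)"""
)

# Sample inputs: the define line is the one quoted in the first post;
# the site URL is constructed for this example.
SAMPLE_WP_CONFIG = """<?php
define( 'COOKIEHASH', md5('iNhg1WZsm5nYEHY9OYsKyhFJ7yo4B53s') );
"""
SAMPLE_SITEURL = "https://blog.example.com"


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def effective_cookiehash(wp_config, siteurl):
    """Return (value, source) for the COOKIEHASH the site ends up using."""
    match = DEFINE_RE.search(wp_config)
    if match is None:
        # WordPress fallback when the constant is not defined: md5 of siteurl.
        return md5_hex(siteurl), "default md5(siteurl)"
    wrapped_in_md5, argument = match.groups()
    if wrapped_in_md5:
        # The quoted string is the md5() input; the constant is its digest.
        return md5_hex(argument), "md5() of configured seed"
    return argument, "literal"


def audit(wp_config, siteurl):
    value, source = effective_cookiehash(wp_config, siteurl)
    return {
        "cookiehash": value,
        "source": source,
        # True means anyone who knows the URL can compute the cookie names.
        "derivable_from_url": value == md5_hex(siteurl),
        "login_cookie": "wordpress_logged_in_" + value,
    }


if __name__ == "__main__":
    for key, val in audit(SAMPLE_WP_CONFIG, SAMPLE_SITEURL).items():
        print(f"{key}: {val}")
```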