I mentioned this in the Wordpress Exploits thread that Walrus started, but I think it's worth adding here since many people I've talked with have skipped this step.
Up until now, upgrade instructions told you not to overwrite your wp-config.php file, which was good advice since that file has your database login information which the upgraded script needs. And that was fine since the wp-config.php file wasn't changed until 2.5 came along and added a new constant called SECRET_KEY which is used to introduce some 'permanent randomness' as another security measure.
If you're used to doing upgrades the usual way, you may miss this step. But this time you should open the new 'wp-config-sample.php' file and enter the config info from your old file. Now enter a 'secret phrase' that WordPress will use to scramble some things in the background for you. Save the file as wp-config.php and upload that to your server, overwriting the old one which doesn't have this new code.
HTH
__________________
"If you're happy and you know it, think again." -- Guru Pitka
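
The upgrade step described in the post above can be verified after the fact. The following is an added example, not part of the original post or of WordPress itself: it reports whether a wp-config.php defines SECRET_KEY at all, and whether the value was ever changed. The placeholder text, the minimum length and the sample config are assumptions made for illustration.

```python
import re
import secrets
import sys

# Placeholder text assumed to ship in wp-config-sample.php; compare with your own copy.
PLACEHOLDER = "put your unique phrase here"
MIN_LEN = 20  # hypothetical threshold for "too short to be a real phrase"

# Matches an active define('SECRET_KEY', '...'); line (single or double quotes).
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])SECRET_KEY\1\s*,\s*(['"])(.*?)\2\s*\)\s*;""",
    re.MULTILINE)

# Constructed sample of a pre-2.5 config: database settings only, no SECRET_KEY.
OLD_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'constructed-password');
define('DB_HOST', 'localhost');
"""

def check_secret_key(config_text):
    """Return 'missing', 'placeholder', 'short' or 'ok' for a wp-config.php body."""
    # Drop /* ... */ comments so a commented-out define is not counted.
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.DOTALL)
    m = DEFINE_RE.search(text)
    if m is None:
        return "missing"          # old config carried over unchanged
    value = m.group(3)
    if value.strip().lower() == PLACEHOLDER:
        return "placeholder"      # sample file copied, phrase never edited
    if len(value) < MIN_LEN:
        return "short"
    return "ok"

def new_secret_key_line():
    """Build a define() line with a random phrase from the OS CSPRNG."""
    return "define('SECRET_KEY', '%s');" % secrets.token_urlsafe(48)

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else OLD_CONFIG
    status = check_secret_key(text)
    print("SECRET_KEY:", status)
    if status != "ok":
        print("suggested line:", new_secret_key_line())
```
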