Wordpress 2.5.1 out now

Simon · 2008-04-29, 08:13 AM

I mentioned this in the Wordpress Exploits thread that Walrus started, but I think it's worth adding here since many people I've talked with have skipped this step.

Up until now, upgrade instructions told you not to overwrite your wp-config.php file, which was good advice since that file has your database login information which the upgraded script needs. And that was fine since the wp-config.php file wasn't changed until 2.5 came along and added a new constant called SECRET_KEY which is used to introduce some 'permanent randomness' as another security measure.

If you're used to doing upgrades the usual way, you may miss this step. But this time you should open the new 'wp-config-sample.php' file and enter the config info from your old file. Now enter a 'secret phrase' that WordPress will use to scramble some things in the background for you. Save the file as wp-config.php and upload that to your server, overwriting the old one which doesn't have this new code.

HTH

papagmp · 2008-04-29, 11:58 AM

Thanks Simon - I missed that - now I get to redo all my config files

I guess it's better late than never.

Quote:

Originally Posted by Simon

I mentioned this in the Wordpress Exploits thread that Walrus started, but I think it's worth adding here since many people I've talked with have skipped this step.

Up until now, upgrade instructions told you not to overwrite your wp-config.php file, which was good advice since that file has your database login information which the upgraded script needs. And that was fine since the wp-config.php file wasn't changed until 2.5 came along and added a new constant called SECRET_KEY which is used to introduce some 'permanent randomness' as another security measure.

If you're used to doing upgrades the usual way, you may miss this step. But this time you should open the new 'wp-config-sample.php' file and enter the config info from your old file. Now enter a 'secret phrase' that WordPress will use to scramble some things in the background for you. Save the file as wp-config.php and upload that to your server, overwriting the old one which doesn't have this new code.

HTH

2008-04-29, 08:13 AM	#1
Simon That which does not kill us, will try, try again. Join Date: Aug 2003 Location: Conch Republic Posts: 5,150	I mentioned this in the Wordpress Exploits thread that Walrus started, but I think it's worth adding here since many people I've talked with have skipped this step. Up until now, upgrade instructions told you not to overwrite your wp-config.php file, which was good advice since that file has your database login information which the upgraded script needs. And that was fine since the wp-config.php file wasn't changed until 2.5 came along and added a new constant called SECRET_KEY which is used to introduce some 'permanent randomness' as another security measure. If you're used to doing upgrades the usual way, you may miss this step. But this time you should open the new 'wp-config-sample.php' file and enter the config info from your old file. Now enter a 'secret phrase' that WordPress will use to scramble some things in the background for you. Save the file as wp-config.php and upload that to your server, overwriting the old one which doesn't have this new code. HTH __________________ "If you're happy and you know it, think again." -- Guru Pitka