WordPress 2.6 launched earlier this week and among the new features in this seemingly solid build is a significant security enhancement for how WP handles cookies.

Essentially what it boils down to is WP has separated cookies used for accessing the admin interface through HTTPS (SSL) and regular unsecured HTTP.  This allows for login information and the login cookie to be secured through the encrypted stream on every access.

The details are in Ryan Boren’s blog and get into a fair bit of detail.