WordPress 2.6 launched earlier this week and among the new features in this seemingly solid build is a significant security enhancement for how WP handles cookies.
In essence, WP now uses separate cookies for accessing the admin interface over HTTPS (SSL) and over regular unsecured HTTP. This allows the login information and the login cookie to be protected by the encrypted stream on every access.
The details are on Ryan Boren’s blog, which goes into a fair bit of depth.
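The cookie separation described above, as an added example that is not code from WordPress or from the original post: a simplified model of a server that issues a different admin cookie depending on the login scheme, and of the browser rule that withholds a `Secure` cookie from plain HTTP requests. The cookie names, token values and the `blog.example` host are assumptions made up for the illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Cookie names, values and the host are constructed for illustration;
# they are assumptions, not WordPress's real cookie names.
def issue_login_cookies(login_url):
    """Server side: choose the admin cookie by the scheme used to log in."""
    if urlsplit(login_url).scheme == "https":
        # Secure: the browser must never send this over plain HTTP.
        return ["admin_auth_secure=token-A; Path=/wp-admin; Secure; HttpOnly"]
    return ["admin_auth_plain=token-B; Path=/wp-admin; HttpOnly"]

def parse_jar(set_cookie_headers):
    """Parse Set-Cookie header values into a list of Morsel objects."""
    jar = []
    for header in set_cookie_headers:
        cookie = SimpleCookie()
        cookie.load(header)
        jar.extend(cookie.values())
    return jar

def path_matches(cookie_path, request_path):
    """Path-match rule from RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookies_sent(jar, url):
    """Browser side: names of the cookies attached to a request for url."""
    parts = urlsplit(url)
    sent = []
    for morsel in jar:
        if morsel["secure"] and parts.scheme != "https":
            continue  # Secure cookie withheld from an unencrypted request
        if path_matches(morsel["path"] or "/", parts.path or "/"):
            sent.append(morsel.key)
    return sorted(sent)

if __name__ == "__main__":
    for login in ("https://blog.example/wp-login.php",
                  "http://blog.example/wp-login.php"):
        jar = parse_jar(issue_login_cookies(login))
        for target in ("https://blog.example/wp-admin/",
                       "http://blog.example/wp-admin/"):
            print(login, "->", target, cookies_sent(jar, target))
```

After an HTTPS login, a later plain HTTP request to the admin path carries no admin cookie at all, so nothing that grants admin access crosses the unencrypted link.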
1 response so far ↓
1 Jeffro2pt0 // Jul 17, 2008 at 12:51 am
It’s a shame, though, that the new way of handling cookies caused some people to become locked out of their blog’s backend. Thankfully, clearing out the cookies worked for most people.