Another WordPress+bbPress Integration Gotcha

2718.us — Thu, 01 May 2008 21:37:29 +0000

Somehow (my best guess is it happened with the database update in the WP2.5.1 upgrade), the database secret, stored as “secret” and visible on /wp-admin/options.php, changed making the logins for bbPress and WordPress clobber each other (both apps using the same cookie, but each app rewriting the cookie with its own contents, rather than recognizing the other app’s contents). If you’re having trouble with WordPress 2.5.1 + bbPress 0.9.0.2, especially if you’ve already watched the cookies go by and are sure that both apps are using the same cookie, check your secret (in bbPress, it’s in Admin > Settings > WP Integration).

The SECRET_KEY in WordPress

2718.us — Thu, 24 Apr 2008 22:20:59 +0000

I’ve gotten into the habit of actually reading the various blogs to which there are links on my WordPress dashboard and I saw this today from boren.nu:

To make cookies secure against attacks where someone has managed to get into your database through an SQL injection exploit or other means, WordPress 2.5 introduced a user-definable constant called SECRET_KEY. If you look at the sample wp-config.php shipped with 2.5, you’ll see these lines.

// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit https://www.grc.com/passwords
.htm
// to get a phrase generated for you, or just make something up.
define(’SECRET_KEY’, ‘put your unique phrase here’); // Change this to a unique phrase

If you upgraded from a previous version of WordPress you probably won’t have these lines in your wp-config.php.

That last bit is, of course, the critical thing for me and had me going back and inserting SECRET_KEYs into all my older/upgraded WordPress installs. Just remember that if you’re integrating with bbPress, you have to match the SECRET_KEYs in wp-config.php and bb-config.php.

2718.us blog » integrate

Another WordPress+bbPress Integration Gotcha

The SECRET_KEY in WordPress