In december2017, wordfence reported that 1.4 billion sets of WordPress login vouchers were stolen, and then a large-scale undifferentiated college entrance examination activity took place. With the password matching the user name becoming easy to use, it is not surprising that hackers seized the opportunity to start attacks after a maximum of 14.1 million attacks against WordPress users in one hour. Of course, the WordPress administrator switches to the defense mode and requires all users to reset and change their passwords. But is that enough? If hackers can find relevant information from cracked databases, will strict password application be a problem? How about dual authentication? Does this help? The
In the excellent word press security blog, CMS will prompt you to perform all these operations when managing user passwords, because this will make the indifference proxy attack more difficult. But what they didn’t mention is that you must pay immediate attention to the WordPress security key. This applies not only to the initial security protocol implementation of the site, but also to the results of major security violations in the news. WP buffs’ team helps website owners, agency partners, and freelancer partners implement security keys and solutions. Even if you need us to manage a website or support 1000 client websites, we will help you. The following guidelines describe all the things you need to know about WordPress security keys, create a new solution for your site, and how to configure it in a few simple steps. The
Everything you need to know about WordPress security keys, there is not much you can do to guide WordPress users to secure password conventions. Strong passwords and dual authentication are required. The user is also reminded to change the password after 90 days. However, it is not enough to leave the configuration and protection of login credentials to the user. This is why WordPress has developed a series of WordPress security keys (also known as private keys). To understand how it works and why it is worth noting, first look at how WordPress user sessions work. The
WordPress user sessions and cookies when a new WordPress user logs in (for back-end users and comment authors), the cookie stores information about the session. In version 2.4, WordPress set up cookies to store two kinds of information: the user name and the double hash version of the password created by the user. This simplifies the login process by encrypting the user information and saving it for later use. Since version 3.0, WordPress has created two cookies for the login screen (wordpress\u[hash]) and the administrator dashboard (wordpress\u logd\u in[hash]). The
The Codex description is as follows: WordPress uses two cookies, WP login. Bypass the password entry section of PHP. If WordPress is aware that there are valid and unexpired cookies, please go directly to the WordPress management interface. If the cookie does not exist, expires, or is otherwise invalid (e.g. manually edited for some reason), WordPress must log in again to obtain a new cookie. This information is stored in the word press database. WordPress security key and solt user password hash are the methods that WordPress encrypts \/ encodes user session data. This is done using an algorithm called MD5. By default, the user name and password created by the user are hidden behind long and incomprehensible numbers and characters, which is difficult to decrypt. This is the WordPress security key.
