Avoid being an easy target of the HTTPS BREACH vulnerability.
You can (and I encourage you to) define 2 constants in the wp-config.php file:
BBA_REPEATER: used by this plugin to add a new secret string to each nonce (a number used once to create a secure token and avoid CSRF flaws). The default is 2, the minimum is 1, and there is no maximum; just change it.
BBA_NONCE_LENGTH: from 4 to 32, with 10 as the default value. It sets the length of each nonce in WordPress; the longer, the better.
Also, WordPress includes a "nonce_life" filter hook. Its default value is 1 day; I suggest you lower this value to something like 12 hours or 6 hours (DAY_IN_SECONDS / 2 or / 4).
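The settings described above, written out as an added example (not code shipped with this plugin). The constant values are samples picked from the documented ranges, and the mu-plugin file name is hypothetical.

```php
<?php
// --- Part 1: wp-config.php, above the line that loads wp-settings.php ---
// Sample values within the ranges this plugin documents.
define( 'BBA_REPEATER', 3 );       // default 2, minimum 1, no maximum
define( 'BBA_NONCE_LENGTH', 32 );  // allowed 4 to 32, default 10

// --- Part 2: wp-content/mu-plugins/shorter-nonce-life.php (hypothetical name) ---
// add_filter() and DAY_IN_SECONDS are only defined once wp-settings.php has
// loaded, so the filter cannot be registered from wp-config.php itself.
add_filter( 'nonce_life', function ( $lifetime ) {
    // WordPress accepts a nonce from the current or the previous "tick", and
    // one tick is half of nonce_life. With 12 hours here, a token is accepted
    // for between 6 and 12 hours after it was issued.
    // min() keeps any shorter lifetime already set by another filter.
    return (int) min( $lifetime, DAY_IN_SECONDS / 2 );
} );
```

Forms left open in a browser for longer than the chosen lifetime will fail their nonce check on submit, so pick a value that fits how long editors keep admin screens open.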