Warning! WordPress encrypts user cookies (10 posts)

  1. benz1
    Posted 4 years ago #

    After setting up Multisite I get the following warning at the top of every admin page:

    Warning! WordPress encrypts user cookies, but you must add the following lines to wp-config.php for it to be more secure.
    Before the line /* That's all, stop editing! Happy blogging. */ please add this code:

    define( 'AUTH_KEY', 'xxxxxxxxxxxxxxxxxxxxxxx' );
    define( 'SECURE_AUTH_KEY', 'xxxxxxxxxxxxxxxxxxxxxxx' );
    define( 'LOGGED_IN_KEY', 'xxxxxxxxxxxxxxxxxxxxxxx' );
    define( 'NONCE_KEY', 'xxxxxxxxxxxxxxxxxxxxxxx' );

    But the main site was set up using Fantastico so the lines are already in the wp-config (and I added them manually as well just in case).

    Any ideas why WP thinks they are not there?


  2. And you filled the four keys in with random values?

  3. benz1
    Posted 4 years ago #

    They are filled with random characters automatically by both the Fantastico installation and also the ones generated by the Multisite warning, the xxxx's are just for convenience.

  4. Perhaps it's a cache issue? Have you tried in any other browser? Do you have any cache plugins installed?

  5. benz1
    Posted 4 years ago #

    No, getting it in other browsers too. No plugins installed, it's a fresh installation. Thanks.

  6. Any chance they are accidentally commented out?

  7. benz1
    Posted 4 years ago #

    No, it appears as follows in wp-config.php (actual values replaced with xxxxxxxxxxx):

    * Authentication Unique Keys.
    * Change these to different unique phrases!
    * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
    * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    * @since 2.6.0
    define( 'AUTH_SALT', 'xxxxxxxxxxx' );
    define( 'SECURE_AUTH_SALT', 'xxxxxxxxxxx' );
    define( 'LOGGED_IN_SALT', 'xxxxxxxxxxx' );
    define( 'NONCE_SALT', 'xxxxxxxxxxx' );

  8. benz1
    Posted 4 years ago #

    Interestingly I just took the lines out of my wp-config to try without and got the following in WP:

    define( 'AUTH_KEY', 'xxxxxxxxxxx' );
    define( 'SECURE_AUTH_KEY', 'xxxxxxxxxxx' );
    define( 'LOGGED_IN_KEY', 'xxxxxxxxxxx' );
    define( 'NONCE_KEY', 'xxxxxxxxxxx' );
    define( 'AUTH_SALT', 'yyyyyyyyyyy' );
    define( 'SECURE_AUTH_SALT', 'yyyyyyyyyyy' );
    define( 'LOGGED_IN_SALT', 'yyyyyyyyyyy' );
    define( 'NONCE_SALT', 'yyyyyyyyyyy' );

    Note, the 2nd set were different values than the first.

    So I pasted the whole lot into my wp-config and the warning message has now gone. Was the issue that you need 2 sets of values in a Multisite configuration? If not, is there any harm in having 2 sets of values?


  9. There aren't two sets of the same, some are salts, some are keys. glad you found them all because I read too fast to catch it. :)

  10. benz1
    Posted 4 years ago #

    You're right, I didn't notice that so I guess it needs both sets.


Topic Closed

This topic has been closed to new replies.

About this Topic