Support » Networking WordPress » Warning! WordPress encrypts user cookies

  • After setting up Multisite I get the following warning at the top of every admin page:

    Warning! WordPress encrypts user cookies, but you must add the following lines to wp-config.php for it to be more secure.
    Before the line /* That’s all, stop editing! Happy blogging. */ please add this code:

    define( ‘AUTH_KEY’, ‘xxxxxxxxxxxxxxxxxxxxxxx’ );
    define( ‘SECURE_AUTH_KEY’, ‘xxxxxxxxxxxxxxxxxxxxxxx’ );
    define( ‘LOGGED_IN_KEY’, ‘xxxxxxxxxxxxxxxxxxxxxxx’ );
    define( ‘NONCE_KEY’, ‘xxxxxxxxxxxxxxxxxxxxxxx’ );

    But the main site was set up using Fantastico so the lines are already in the wp-config (and I added them manually as well just in case).

    Any ideas why WP thinks they are not there?

    Thanks,
    Benz1

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator James Huff

    (@macmanx)


    And you filled the four keys in with random values?

    They are filled with random characters automatically by both the Fantastico installation and also the ones generated by the Multisite warning, the xxxx’s are just for convenience.

    Moderator James Huff

    (@macmanx)


    Perhaps it’s a cache issue? Have you tried in any other browser? Do you have any cache plugins installed?

    No, getting it in other browsers too. No plugins installed, it’s a fresh installation. Thanks.

    Any chance they are accidentally commented out?

    No, it appears as follows in wp-config.php (actual values replaced with xxxxxxxxxxx):

    /**#@+
    * Authentication Unique Keys.
    *
    * Change these to different unique phrases!
    * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
    * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    *
    * @since 2.6.0
    */
    define( ‘AUTH_SALT’, ‘xxxxxxxxxxx’ );
    define( ‘SECURE_AUTH_SALT’, ‘xxxxxxxxxxx’ );
    define( ‘LOGGED_IN_SALT’, ‘xxxxxxxxxxx’ );
    define( ‘NONCE_SALT’, ‘xxxxxxxxxxx’ );
    /**#@-*/

    Interestingly I just took the lines out of my wp-config to try without and got the following in WP:

    define( ‘AUTH_KEY’, ‘xxxxxxxxxxx’ );
    define( ‘SECURE_AUTH_KEY’, ‘xxxxxxxxxxx’ );
    define( ‘LOGGED_IN_KEY’, ‘xxxxxxxxxxx’ );
    define( ‘NONCE_KEY’, ‘xxxxxxxxxxx’ );
    define( ‘AUTH_SALT’, ‘yyyyyyyyyyy’ );
    define( ‘SECURE_AUTH_SALT’, ‘yyyyyyyyyyy’ );
    define( ‘LOGGED_IN_SALT’, ‘yyyyyyyyyyy’ );
    define( ‘NONCE_SALT’, ‘yyyyyyyyyyy’ );

    Note, the 2nd set were different values than the first.

    So I pasted the whole lot into my wp-config and the warning message has now gone. Was the issue that you need 2 sets of values in a Multisite configuration? If not, is there any harm in having 2 sets of values?

    Thanks.

    There aren’t two sets of the same, some are salts, some are keys. glad you found them all because I read too fast to catch it. 🙂

    You’re right, I didn’t notice that so I guess it needs both sets.

    Thanks!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Warning! WordPress encrypts user cookies’ is closed to new replies.