Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ed Finkler's Blog:
Encouraging steps towards security in Wordpress 2.5
Apr 02, 2008 @ 21:09:47

Ed Finkler, not normally a big fan of the WordPress PHP-based blogging system, has pointed out some positive steps that were made in the latest release in the security arena.

Anyone who gets me liquored up knows that I'm not a fan of Wordpress. I think it's great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don't believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption.

He mentions two things in particular - their addition of salted passwords and secure cookies.

tagged: wordpress security secure cookie password hash blog