Explanation
Hi Subhransu,
Your plugin claims to make the auth cookie in WordPress more secure, but I don’t believe it is doing that. This plugin simply adds a plain text per-user key to the auth cookie.
If somebody gets hold of your cookie (which will be complete with the per-user key) then this has no effect at all on increasing the security. The hash in the cookie is already generated based on the user’s username, a substring of their encrypted password, the expiration date, and the scheme.
Would you mind explaining what this plugin attempts to achieve please?
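
The argument in the post above, as an added example that is not part of the original post, the plugin or WordPress: a simplified Python model of an HMAC-signed auth cookie with an assumed plain-text per-user key appended. The cookie layout, function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for the demonstration; none come from the plugin or a real site.
SITE_SALT = b"constructed-site-secret"
USER = {"login": "alice", "pass_hash": "$P$BconstructedHashValue1234567",
        "extra_key": "k3y-constructed"}


def _mac(username, pass_hash, expiration, scheme):
    """HMAC over username|expiration, keyed from the inputs the post lists."""
    pass_frag = pass_hash[8:12]  # substring of the stored password hash
    key_material = f"{username}|{pass_frag}|{expiration}|{scheme}".encode()
    key = hmac.new(SITE_SALT, key_material, hashlib.sha256).digest()
    return hmac.new(key, f"{username}|{expiration}".encode(), hashlib.sha256).hexdigest()


def make_cookie(user, expiration, scheme="auth", with_plain_key=False):
    fields = [user["login"], str(expiration),
              _mac(user["login"], user["pass_hash"], expiration, scheme)]
    if with_plain_key:
        fields.append(user["extra_key"])  # assumed plugin behaviour: key sent in the clear
    return "|".join(fields)


def validate_cookie(cookie, user, now, scheme="auth", require_plain_key=False):
    parts = cookie.split("|")
    if len(parts) != (4 if require_plain_key else 3):
        return False
    username, expiration, mac = parts[:3]
    if not expiration.isdigit() or int(expiration) < now or username != user["login"]:
        return False
    expected = _mac(username, user["pass_hash"], int(expiration), scheme)
    if not hmac.compare_digest(mac, expected):
        return False  # the existing MAC already rejects any edited field
    if require_plain_key and not hmac.compare_digest(parts[3], user["extra_key"]):
        return False
    return True


def replay_outcomes(now=1_700_000_000):
    """Validation results for a verbatim copy and for a cookie with an edited expiry."""
    cookie = make_cookie(USER, now + 3600, with_plain_key=True)
    name, exp, mac, key = cookie.split("|")
    tampered = "|".join([name, str(int(exp) + 86400), mac, key])
    return {  # the verbatim copy carries the extra key along with it
        "copied": validate_cookie(str(cookie), USER, now, require_plain_key=True),
        "tampered_expiry": validate_cookie(tampered, USER, now, require_plain_key=True),
    }
```

In this model the extra field changes neither outcome: the edited cookie is rejected by the MAC that was already there, and the verbatim copy validates because the key travels inside it.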