Changing WP Salts breaks posting

Question

Changing WP Salts breaks posting

Closed this issue 5 years ago · 2 comments

Since the diaspora* password is encrypted using the AUTH_KEY salt, changing it makes a future decryption impossible, thus breaking the posting.

To correct this, the password needs to be re-entered and saved again on the WP to diaspora* admin page.

@gutobenn Any idea how best to tackle this?! Of course there's the option of not encrypting the password or using something else as the key (instead of AUTH_KEY), but it would need to be something that doesn't exist in the DB (which would make the whole procedure pointless).

An option would be to create a new file somewhere with a random string in it and use that. But it feels very ugh...

Issue posted on the WP support forum:
https://wordpress.org/support/topic/modifying-the-salt-key-prevents-the-plugin-from-working/

Answer 1 · 2019-02-14T00:29:47.000Z

Proposed solution is to introduce a new constant called WP2D_ENC_KEY (to be set in wp-config.php) which would stay unchanged after updating salts.

Furthermore, if the new key is not defined, a hash of the AUTH_KEYwill be remembered to be able to check if it has changed, prompting the user to update the WP2D credentials if necessary.

Answer 2 · 2020-06-16T21:47:24.000Z

Implemented in 3.0.0