modifying the salt key prevents the plugin from working

  • Resolved paidge

    (@paidge)


    6 years, 2 months ago

    I would like to securize my wordpress website that is in production. But when I have changed the SALT keys in the wp-config.php file, crossposting didn’t work anymore. So I restored my original SALT and crossposting worked again. Do you have a solution for that ?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author noplanman

    (@noplanman)

    Hi @paidge, thanks for reporting this.

    This is due to the fact that the diaspora* login password gets saved in the database, encrypted with the AUTH_KEY salt key.
    So when the AUTH_KEY value is changed, the password cannot be retrieved because the decryption fails.

    I’ll put this issue on the issue tracker where the development takes place, at the moment on GitHub here: https://github.com/DiasPHPora/wp-to-diaspora

    Not sure how this issue can be fixed unfortunately.

    For the plugin to work correctly again after changing the salts, the password needs to be re-entered and saved on the WP to diaspora* settings page.

    Plugin Author noplanman

    (@noplanman)

    Hi again @paidge

    Excuse the delay. After discussing with the original plugin author, a possible solution could be to introduce a dedicated encryption key that can be set in wp-config.php (e.g. WP2D_ENC_KEY). Then you could freely change your salts without any problems.
    Would this work for you?

    Thing is, using the AUTH_KEY for data encryption is the standard procedure and changing the salts *should* make all there-with encrypted data inaccessible, for security reasons.

    Of course the situation you are talking about is an exception, so we’d like to support that!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘modifying the salt key prevents the plugin from working’ is closed to new replies.