
[sticky] [closed] Set up a secret key in WordPress 2.5! (2 posts)

  1. Otto42
    Moderator
    Posted 4 weeks ago #

    WordPress 2.5 includes a new set of security features for passwords and password hashing and cookie security. This feature works without doing anything, but it's not particularly powerful without some extra steps.

    If you want to greatly increase the security of your site, you should set up a secret key.

    Setting up a secret key is easy. All you have to do is to add this to the wp-config.php file, right after the other define statements:
    define('SECRET_KEY', 'put your unique phrase here');
    You'll find this line in the wp-config-sample.php file as well.

    Your unique phrase should be something long and random. Anything 60+ characters and relatively random will do; it doesn't matter what it is.

    WordPress has created a generator for this line to assist people in creating a good one. Go to this site:
    http://api.wordpress.org/secret-key/1.0/

    It will generate a strong, random, secret key for you, and the define line for it. Just copy and paste that line into wp-config.php.

    Doing this will invalidate all your logins, so everybody on your site will have to log in again, but doing it will greatly increase the cookie strength of WordPress 2.5. This means that your login cookies, if intercepted, won't be able to be reproduced as easily. It also means that somebody who gains read-only access to your database through some other means won't be able to log in to your site.

  2. jeremyclark13
    Moderator
    Posted 4 weeks ago #

    This is the Codex page dealing with setting up the secret key.
    Editing wp-config.php
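
An added example, not part of the posts above and not WordPress code: a small Python check that flags a wp-config.php whose SECRET_KEY is missing, still the sample placeholder, or shorter than the 60 characters the first post recommends, and that builds a replacement define line locally from the OS random source. The function names, the sample config and the distinct-character threshold are assumptions made for this example.

```python
import re
import secrets
import string

PLACEHOLDER = "put your unique phrase here"  # default in wp-config-sample.php
MIN_LENGTH = 60                              # the post's "60+ characters"
# Quotes and backslash are excluded so the key needs no escaping in PHP.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"
# Active (uncommented) define('SECRET_KEY', '...') lines, either quote style.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])SECRET_KEY\1\s*,\s*(['"])(.*?)\2\s*\)\s*;""",
    re.MULTILINE)

def generate_define_line(length=64):
    """Build the define line from the OS CSPRNG (not the `random` module)."""
    key = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return "define('SECRET_KEY', '%s');" % key

def audit_wp_config(text):
    """Return findings about SECRET_KEY in wp-config.php text; [] means OK."""
    matches = DEFINE_RE.findall(text)
    if not matches:
        return ["SECRET_KEY is not defined"]
    key = matches[0][2]
    if key == PLACEHOLDER:
        return ["SECRET_KEY is still the sample placeholder"]
    findings = []
    if len(key) < MIN_LENGTH:
        findings.append("SECRET_KEY is shorter than %d characters" % MIN_LENGTH)
    if len(set(key)) < 10:  # heuristic threshold chosen for this example
        findings.append("SECRET_KEY has very few distinct characters")
    return findings

# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('SECRET_KEY', 'put your unique phrase here');
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_CONFIG):
        print("finding:", finding)
    print("replace with:", generate_define_line())
```
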

Topic Closed

This topic has been closed to new replies.
