Hi @dblvd
You should disable the Salt Postfix feature. It is not possible to disable the weekly update of Salt Postfix.
Regards
Thread Starter
dblvd
(@dblvd)
Does this mean that if the Salt Postfix feature is disabled the automatic update also does not take place?
(If so this should be clarified inside the documentation and best inside the plugin settings)
Hi @dblvd,
Thanks for your suggestion, I will create an internal ticket for this.
Regards
Thread Starter
dblvd
(@dblvd)
Hey there, thanks so far but please could you clarify whether I can reliably disable the weekly change of the salts by disabling the Salt Postfix feature ???
Hi @dblvd,
If you disable the salt postfix feature, it will stop applying the salt postfix to salt. But with cron job, it might keep updating as per my code review.
I will create an internal ticket for this to have the weekly salt postfix change cron also resolved.
Regards
Thread Starter
dblvd
(@dblvd)
Thanks, hjogi, if you escalate this internally now, please add this article https://snicco.io/blog/wordpress-salts to it. It seems as if the benefits of changing salts does not outweigh the broken code / or access validation issues that could occur.
Also: Is there a hook for now where we can disable the automatic salt change?
-
This reply was modified 11 months, 4 weeks ago by
dblvd.
Hi @dblvd,
Ok, I will add that article.
If you disable the salt postfix feature, it will stop applying that changing salt postfix. Here we add the postfix to the actual salt saved in wp-config.php so if you disable this feature still the actual salt will be used.
you can add the below code in the functions.php, it should remove the updating of the salt postfixes. let me know if still any issue.
remove_action('aios_change_auth_keys_and_salt', 'AIOWPSecurity_Utility::change_salt_postfixes');
