Earlier today I started upgrading my blogs to the latest and greatest WordPress, version 2.6.1. I did full backups, both the SQL database and the html of the web site. I then tweaked my upgrade script and started plugging away.
After the old files were archived, the new files were in place, I ran the upgrade.php script, which appeared to work just fine. And after the upgrade script completed, I had to log back in. And the headaches began. It was a loop of error messages continually trying to get me to login. I tried on separate browsers (Safari 3, Opera 9, and Firefox 2) and only Firefox would let me in.
I did the password reset procedure several times. No good. I thought it was something related to line breaks not being correctly sanitized in Safari-Mac. Finally, I discovered the fix:
- You need to add in all three new security password settings to wp-config.php. The setting from version 2.5 (SECRET_KEY) is history. The new values you need are AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY. Each of these should have a different passphrase.
- You need to clear the cookies for the domain from your browser. Because WordPress does not embed the version of your WordPress into it’s cookies, most browsers get confused and won’t let you log in. This problem could be cleared in the next version of WordPress by simply embedding the WP version number into the cookie name.
The reason that Firefox was working for me is because I use Firefox as a test browser, and it clears the cache, history and cookies every time I exit the application.
Update 2008/08/20 9:40am: I’ve now upgraded ten blogs, and by always including the three new fields in the wp-config.php and by clearing my browser cookies, I haven’t had any other headaches during the upgrade process.
- Setting the WordPress 2.5 Secret Key, March 19, 2008
- How to Make the WordPress Login Cookie Last Longer Than Two Weeks, June 30, 2008