If you’re like me and you’ve been using WordPress since before 2.5 came out, your wp-config file is probably missing a “SECRET_KEY”. This is a new, one-line entry to the config file that generates a unique cookie for your site. Some of the recent WordPress attacks have involved cookie spoofing, and this will help prevent that kind of thing.
As far as I can understand, WordPress 2.5.1 is completely secure even without a secret key. I think this is just a pre-emptive move to prevent cookie-based attacks in the future. Extra security is always a good thing.
Adding a key is very simple. Just open up your wp-config.php file and add something like this:
define(‘SECRET_KEY’, ‘8675309 abc 123 secret key dont hack me’);
You don’t need to remember the phrase, so make it as long and complex as you can. If you want, you can visit this WordPress page which will generate a unique key every time you load the page.