Community Support Forums

[candy]

Hi,

It seems I forgot to set up that "Security Encryption Key" - so I do not have any there, but already have some happy registered users

If I would set one Security Encryption Key now (so after having life users & co) will that brake my site?

Thanks!

[Cristián Lávaque]

Hmm... I don't know what to tell you here. The documentation says this

Security Encryption Key ( optional, for tighter security )

Just like WordPress®, s2Member is open-source software. Which is wonderful. However, this also makes it possible for anyone to grab a copy of the software, and try to learn their way around its security measures. In order to keep your installation of s2Member unique/secure, you should configure a Security Encryption Key. s2Member will use your Security Encryption Key to protect itself against hackers. It does this by encrypting all sensitive information with your Key. A Security Encryption Key is unique to your installation.

Once you configure this, you do NOT want to change it; not ever. In fact, it is a VERY good idea to keep this backed up in a safe place, just in case you need to move your site, or re-install s2Member in the future. Some of the sensitive data that s2Member stores, will be encrypted with this Key. If you change it, that data can no longer be read, even by s2Member itself. In other words, don't use s2Member for six months, then decide to change your Key. That would break your installation. You configure this once, for each installation of s2Member; and you NEVER change it.

So I'll wait for Jason to answer how you could fix this with the least trouble.

[candy]

yep, I read that too, that's why I did not dare to touch it
Would be great to fix it though ...

Thanks in advance!

[Jason Caldwell]

Yes, it's fine to to do that. The warning is there because there may come a time when changing this key would absolutely break your site. For now though, just read through my post here: viewtopic.php?f=4&t=651#p2819