The Paragon Initiative blog has a post from Scott Arciszewski about a new feature coming to upcoming WordPress versions - the use of a cryptographically security random number generator starting in version 4.4.0.
At Paragon Initiative Enterprises, we believe that security should be the default state of affairs, not something only in the reach of security experts. That is why [...] our team spends a great deal of time working to improve the security of popular free and open source software.
Today, we're pleased to announce an exciting security enhancement coming to WordPress in the next major version. Starting in 4.4.0, wp_rand() is cryptographically secure on all platforms.
He walks the reader through the "road" that's lead to the introduction of this support and the work he did in the past to help push the project (and others) towards it. Given that the WordPress project has a lot of emphasis on backwards compatibility, effort need to be put into a method that would work across new and old PHP versions. The random_compat library was created and was adopted not only by WordPress but also by several other major PHP projects.
Our part in this long and crazy journey has reached its end. In the course of fixing the same flaw in two distinct projects, the PHP community banded together to identify and expunge a bug in the PHP core, create a new feature in PHP 7, and in some small way helped to secure the CMS that powers more than 20% of websites on the Internet.