Everything You Need to Know About WordPress Salts & Security Keys

WordPress is an open source content management system that is now one of the largest platforms for blogs and websites of all niches. And if you are one of the millions of users around the world, you have probably wondered why and how WordPress security.

Protecting your website against any malware attack or brute force is always the top priority. And to help those security requirements, WordPress offers tons of security options. We have focused on the topic above with our articles on WordPress security plugins and we also discussed some of the simple WordPress security tips to keep your site safe. But today we wanted to give our users a little more information about WordPress Sales and Security Keys. We will discuss in detail what exactly they are and how they work to keep your account and website safer.

What are WordPress salts and security keys?

In simple terms, WordPress Security The key is a password that contains random elements that are long, complicated and almost impossible to break. They provide a more secure encryption of the information stored in the browser's cookies and make it difficult to eliminate the security barriers of the site.

WordPress salts are additional random data strings that contain the security keys. They add the additional layer of protection to cookies and their authentication credentials.

With the current version of WordPress, there are 4 security keys used to sign cookies for your site. Four WordPress salts are recommended for the 4 corresponding security keys, however it is not necessary since WordPress generates them by default.

  • LOGGED_IN_KEY – Used to generate a cookie for a connected user. These cookies can not be used to make changes to the site. .
  • SECURE_AUTH_KEY – Used to sign an authorizing cookie for the SSL administrator. These cookies are used to make changes to the site.
  • AUTH_KEY: used to sign the authorizing cookie for which it is not SSL. These cookies can be used to make changes to the site.
  • NONCE_KEY: used to sign the nonce key that protects the nonces from being generated, protecting it from certain forms of attacks.

Think about it this way; A simple password that you decide can usually be broken easily. However, a more random and unpredictable set of variables is difficult to encrypt. It may even be years before someone trying to guess the password presents the correct combination. Therefore, WordPress security keys and sales ensure the security and protection of your website and logon credentials.

How do WordPress salts work and Do security keys work?

Unlike most other website platforms, WordPress does not use PHP sessions to track its users. To verify the identity of users who logged in and commentators, WordPress usually uses cookies or information that are stored in your browser's history. When you log in to your Dashboard, multiple cookies are created and saved. In general, the two cookies that are created are:

  • wordpress_ [hash]
  • wordpress_logged_in_ [hash]

The first is used only when it is connected to its Board while the second cookie is used throughout WordPress to ensure that you have logged in or not. The details you use to log in are hash (they are assigned cryptic values) using the random variables that are then specified in the WordPress security keys. This, in turn, strengthens and makes it almost impossible for someone to guess their password in case of theft of their cookies.

See this article for more information.

How to use the security keys and the WordPress sales?

Generally, when your WordPress websites are self-hosting, the security keys are not predefined. Instead, you may need to generate and add them yourself. But do not worry, the process is quite simple and straightforward. In general, there are two ways to configure the secret key. We will discuss the two methods for your convenience so that you can choose the method you prefer.

  • Manually change the security keys and WordPress salts.
  • Using a WordPress plugin.

Method 1: Change the secret keys manually & Sales!

Follow the steps below to guide and secure your WordPress profile and website!

The first step is to generate your own secret key. WordPress has its own random key generator and we recommend using them instead of creating your own. It's easy and it takes only a few seconds.

  define (& # 39; AUTH_KEY & # 39 ;, & # 39; keys generated at random & # 39;);
define (& # 39; SECURE_AUTH_KEY & # 39 ;, & # 39; keys generated at random & # 39;);
define (& # 39; LOGGED_IN_KEY & # 39 ;, & # 39; keys generated at random & # 39;);
define (& # 39; NONCE_KEY & # 39 ;, & # 39; keys generated at random & # 39;);

Now that you have the secret WordPress security key ready, go ahead and open the WordPress wp-config.php file. You will find the file in your WordPress root folder.

Search authentication Unique WordPress security keys and sales that are usually found after the credentials of the database.

Copy all the code block that you previously generated using the generator random key. Once you have done that, simply replace the eight default variables in your wp-config.php file. Save the changes you have made and that's it.

Method 2: Use of a complement

To explain this method in a more exhaustive way, we will use the help of the Salt Shaker complement. A free WordPress security plugin, Salt Shaker is also extremely easy to use! Then to start the process Install and activate the add-on.

If you find a problem with the procedure, here is a practical guide from Beautiful Themes that deals with the subject of How to install and activate a WordPress plugin?


Once the plugin is activated and ready to use, you will find a newly added menu in the Tools section like Salt Shaker.

 salt-shaker-setting -page

After clicking on the menu, you will be redirected to a new page that offers the option to set a time to change the SALT keys. Go ahead and check the option Change keys and sales WP.

You will also see the option of choosing a daily, weekly or monthly basis to program the change of keys and sales. Select the option you prefer and your settings are Saved.

In case you want to change the security keys and WordPress salts immediately, you can also see an option to Change now at the bottom of the page. Keep in mind that once you change the keys, the WordPress session will automatically be closed.

Wrapping them!

And this sums up our article on security keys and WordPress salts. We have broken it down for our users so you can better understand the matter. Get a more secure and secure WordPress environment by changing the random security variables from time to time.

We have also listed the methods you can use to change the keys and now we hope you have understood everything you need to know about WordPress security. keys and salts. Do you want to learn more about security? Why not see more of our articles on the subject!

Leave a Reply