Secret keys (salts)

Secret keys enhance WordPress security through user authentication with
the placement of a cookie in the user’s Web browser. They are also referred
to as salts, a word commonly used in cryptography to represent random
keys, such as in a password. Secret keys in your wp-config.php file make
your site harder for outside sources to gain access to because they add
random keys to the user password.
These keys aren’t populated during the WordPress installation, so after the
installation is complete, you need to visit the wp-config.php file to set the
keys so that your WordPress installation has unique keys that are different
from any other installation — making it more secure because the keys are
specific only to your site. By default, the code in the file looks like this:
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these with the {@link https://api.wordpress.org/secret-key/1.1/
salt/ WordPress.org secret-key service}. You can change these at any point in
time to invalidate all existing cookies. This will force all users to have to
log in again.
*
* @since 2.6.0
*/
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);

 

Follow the directions in the file and visit the WordPress secret-key service
Web page (https://api.wordpress.org/secret-key/1.1/salt;
be sure to refresh this page a few times to make sure that you get unique
keys) to obtain the keys that you need to replace the existing defaults (represented
in the wp-config.php file by the lines that start with define.
Copy the keys from the Web page and then replace the eight lines of default
(blank) keys in your wp-config.php file. After you do that, this section of
the file looks like this (except with your own, unique secret keys):
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these with the {@link https://api.wordpress.org/secret-key/1.1/
salt/ WordPress.org secret-key service}. You can change these at any point in
time to invalidate all existing cookies. This will force all users to have to
log in again.
*
* @since 2.6.0
*/
define(‘AUTH_KEY’,’OkjsE|hTe1A#+yK*;zWOh_~we{X}(uX=TUXtV`WC9Owz_eA@c_
LKH-Le;qKDPcn’);
define(‘SECURE_AUTH_KEY’,’mGt;>cS&Gn,weoFIoJts[.+8bm$Qk|+|a|]>u<TLQRJBH2_
eb>$TDk{ru&:|$5b’);
define(‘LOGGED_IN_KEY’,’N13G3G^n8w%B4Nge)|V6TyI!S^Td!u|6_]}8kVSDB]p|@fTu=%>)
M<s>%|t<qJb’);
define(‘NONCE_KEY’,’pOj/Uj?&+AJVO9SnRhr<e8:dO+A8>XgSO5SuUYpvkjy@%O:Hi
< Z->|!~YIA+Yq’);
define(‘AUTH_SALT’,’8c%^y1/Kts3(I|N9/:`DM(j+qx.rKQh+I##E~e!Oq7|
@p5j^D1:Yic+GQtlX>d’);
define(‘SECURE_AUTH_SALT’,’!$Fi=K0jfK([;1x~EzN,QQOja_y5a|oxl_On~7AIT&8<dE:)
M|DGc?Cb:sQiTor’);
define(‘LOGGED_IN_SALT’,’N&j*A6khkJb}DhN>)+||e2}(:^Oo+mw!~DV0V;3W:75C|KCrHK[)
7th_w:3%Fqe’);
define(‘NONCE_SALT’,’xscOi.7I=%1;=-{mWjN=+gN03].RjLR6|ZpvbZt@
bqK{p$2p;M.%,&i#9U8SLZ’);

You can change the secret keys any time by editing the wp-config.php file
and replacing the keys with new ones. Doing so doesn’t affect the functioning
of your Web site, but it does require that users log in to your site again,
if they were already logged in, because changing the keys changes user
authentication and retires the cookies that had already been placed in
their browsers.

Advertisements
Secret keys (salts)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s