#WordPress Security Tip – Add keys and salts to the wp-config.php file.

WordPress has 4 authentication keys and salts that adds extra security to your cookies and passwords.

The default values are –

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

These are the values that every WordPress installation uses, unless changed.

To generate new values, navigate to this URL in your browser –

https://api.wordpress.org/secret-key/1.1/salt

and copy what comes back. Replace the lines in your wp-config.php file.

I just ran it and got-

define('AUTH_KEY', '82rh1]L83JYwiw2&_q+Wzb28J}2L-6H~yr99UeG|h7O#$t^K9{f!qS :-y$-h)R5');
define('SECURE_AUTH_KEY', 'wybE3J-S1Q%(*DPCiCGVh[0szILC+nR_Bj=*6wSQOdA2uxAX-8&IIMn_Q99#G2:W');
define('LOGGED_IN_KEY', '6Ri)QG|9l`1PQa,9%h7Ps8Ik(1O-9X9^J)`Sf)Y&^#g{:OM-xlfQle.G)fc9kGEc');
define('NONCE_KEY', 'n@C`hsNIzhio:*C$jE?g h#inK9_`q^Jo36{GN[72?jgU=c@q=1}$#4JH-n1|EbS');
define('AUTH_SALT', '[6pd#ybe=Z*G-GO[kps+6f9OzvG|{DfPjD0jnwCmzo*DID6OHahD0+/17[%4jaa1');
define('SECURE_AUTH_SALT', '#vqp!m5b+A1W^bA^Hc9z} +Zu%3guVh*:EG)Ko-Z=3mMx|f|tKMFaSxqF[AX3*l^');
define('LOGGED_IN_SALT', 'nuZ#}w.1`9NQq*X~2@b-/+W9D?RZZnMBc/B!0D`vuGb`>wz*LF){ +~=8s:5_;0f');
define('NONCE_SALT', '[5A.o&VVl>Jb+;xR?]hi+fC+j($|T%zLsZNST6NstK]M_+pmvhO`mu!bchPb]RYu');

And no, the ones immediately above are not what are in the wp-config.php for this site. 🙂

This entry was posted in Wordpress. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *