WordPress security keys and salts generator– Secure your wordpress

Wordpress security keys, salts generatorAs a wordpress user you must know some common things in order to secure your site. We are providing more security tips and procedures for wordpress users. In this article you will learn about securing your site using wordpress security keys and salts. Also let’s see some basics about what and why to use wordpress security keys.

What are wordpress security keys and salts?

WordPress security keys and salts are random bits of encrypted data that adds some additional security to your passwords and cookies. There are totally four authentication keys such as ‘AUTH_KEY’, ‘SECURE_AUTH_KEY’, ‘LOGGED_IN_KEY’, ‘NONCE_KEY’ and four hashing salts such as ‘AUTH_SALT’, ‘SECURE_AUTH_SALT’, ‘LOGGED_IN_SALT’ and ‘NONCE_SALT’ which has been added since wordpress 2.6.0.

Related: Limit login attempts in wordpress dashboard for security

How wordpress security keys will secure my site

Some data might be stored in your visitor’s cookies and to encrypt those data’s you must use wordpress security keys. So with encrypted cookies and passwords hackers will find impossible to handle your site. Usually passwords are easy to crack if it is non-encrypted (password).  Random encrypted passwords (fsfsdg798789r98832u9898uv988uv) are impossible and it will take years to find out the right value. So to add some additional security to your cookies and passwords you must use wordpress security keys.

Related: Password protect your wordpress admin directory

How and where to use wordpress security keys

WordPress security keys and salts come by default with your wordpress installation and it works cool, but to make it stronger you can add new keys. You can see your wordpress security keys and salts in wp-config.php file that is in your main wordpress directory. Below is the sample for wordpress security keys and salts that you see in your wp-config.php.

 * Authentication Unique Keys and Salts.
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 * @since 2.6.0
define('AUTH_KEY',         '/hHrAb@zT|.-,+5+6d+p/vgvoBo%^_uByCSRF5s}|X$}oKnV.6QeS%Z7 +[&b^Mq');
define('SECURE_AUTH_KEY',  'bD- +{BOSiGR{cazC**g%UZ~evg4Fi;gldyEZwo |$?Sr0mCg|XB]=*wk^95/(k+');
define('LOGGED_IN_KEY',    'urr!,9Md+:tv0LG0unbD{jE{/Wb$xDd<+@OD|D;?g-O^~vy|d0:q|=6*o6@, {W#');
define('NONCE_KEY',        '|G/Y_-P6y@M}APy@=3A:/~$U#6r:w~q@OT.%>2oE$db|F#:}-yhU}_q-~i{$%^B*');
define('AUTH_SALT',        '.uXW!]|5D)WYza(*Bfv@c,WeHuZpi+/*cOQM;anz]Wn@$JR:s}9Y%RW||[)|N1e6');
define('SECURE_AUTH_SALT', 'K=[42 K20RoEiyq*k7$AVL+_S4veav^jd]2u.^#Ku-s)G>6xP+!F[=9;CPp<gWrq');
define('LOGGED_IN_SALT',   ')->aqIP*)P&LoOkNu#}_>H2mSu]ZO?|fu%kt9QnZWg)D3h$||up77n3(q?w}!-Gb');
define('NONCE_SALT',       'P:$u1_xKe0u%NA-rRR[4{Qg0%fI72Pm5W;WQ4`atpa*v~7X%jwvgY@;.^+koG.yN');


Don’t copy this key instead generate and grab the whole variables from wordpress secret key generator. Now paste the generated keys in your wp-config.php file accordingly. Now save the file and you don’t need to remember these variables anymore. Generate these keys once again and add it accordingly in your wp-config.php just in case if you recovered your site from a serious hack.

One more thing if your any users were logged in to your wordpress dashboard then they will be asked to login again.

Hope this article helped you with securing your wordpress site using wordpress security keys and salts.