Salt Shaker – Change WordPress Security Keys and Salts Automatically

WordPress cares about security. That’s why when you open your wp-config.php file you will find this section right after the database info:

/**
 * Authentication Unique Keys and Salts.
 * Change these to different unique phrases!
 * You can generate these using the {@link secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 * @since 2.6.0
 */
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

What are those Security Keys and Salts?

In short, security keys and salts improve the security of your WordPress login details. There are 4 security keys and 4 corresponding hashing salts. WordPress uses them to create the cookies.

Do you really have to change them every now and then?

It’s a must when you suspect malicious activity on your website. Otherwise, it’s a good practice to change them regularly for the sake of hardening your WordPress security. Keep in mind that when you change the security keys, all logged-in users will need to log in again.

Change WordPress Security Keys and Salts

You can update the security keys and salts by editing the wp-config.php file or by using the Salt Shaker plugin.

Editing wp-config.php File

  • Create a new set of keys using this online generator.
  • Go to your WordPress root folder and open wp-config.php.
  • Find the ‘Authentication Unique Keys and Salts.’ section; it’s usually just below the database credentials.
  • Replace them with the generated keys.
  • Save your config file.
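The manual steps above can also be scripted. The following is an added example, not code from Salt Shaker or WordPress: it flags the eight constants when they are missing, still set to the placeholder, too short or duplicated, and replaces them with values generated locally from the operating system's CSPRNG instead of the online generator. The 32-character minimum, the 64-character output length and the assumption that existing values are single-quoted with no escaped quotes are choices made for this example.

```python
import re
import secrets

KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"
# Printable ASCII that is safe inside a single-quoted PHP string (no ' or \).
ALPHABET = "".join(chr(c) for c in range(33, 127) if chr(c) not in "'\\")
# Matches define('NAME', 'value'); assumes the value holds no escaped quote.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*'(?P<value>[^']*)'\s*\);"""
)
# Constructed sample: an untouched keys section plus one unrelated define.
SAMPLE = "define('DB_NAME', 'wordpress');\n" + "".join(
    "define('%s', '%s');\n" % (n, PLACEHOLDER) for n in KEY_NAMES)

def new_secret(length=64):
    """Return a random string drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def audit(config_text):
    """Return {name: problem} for each key or salt that needs attention."""
    found = {m["name"]: m["value"] for m in DEFINE_RE.finditer(config_text)
             if m["name"] in KEY_NAMES}
    problems = {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < 32:  # minimum length is this example's assumption
            problems[name] = "too short"
        elif list(found.values()).count(value) > 1:
            problems[name] = "duplicate"
    return problems

def rotate(config_text):
    """Give each of the eight defines a fresh value; leave other lines alone."""
    def swap(match):
        if match["name"] not in KEY_NAMES:
            return match.group(0)
        return "define('%s', '%s');" % (match["name"], new_secret())
    return DEFINE_RE.sub(swap, config_text)

if __name__ == "__main__":
    print(audit(SAMPLE))          # every key reported as "placeholder"
    print(audit(rotate(SAMPLE)))  # {} once all eight are replaced
```

When applying this to a real file, write the result to a temporary file and rename it over wp-config.php so a failed write never leaves a half-edited config, and keep the original file permissions.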

Using Salt Shaker

Alternatively, you can use this simple plugin to change WordPress security keys. Salt Shaker allows you to schedule changing your keys on a regular basis.

Salt Shaker - Change WordPress Security Keys Manually and Automatically

Check this quick tutorial on how to use the plugin.


The main purpose behind changing the security keys frequently is to improve the security of your website. Imagine the scenario where you log in to your WordPress dashboard from someone’s computer. This means that you have left your cookies behind. If that person intends to hack your website, these cookies will make his job a piece of cake. Consider also the scenario where a hacker is trying to guess a user’s password on your website. Trust me, you don’t want to make his job easier!

In both scenarios, it is a good practice to change the salt keys every now and then. It might be a hassle to change the keys manually! Yet, you can use the Salt Shaker plugin to schedule changing these keys automatically or even change the keys with a click of a button.

I write about Multilingual WordPress, SEO, Website Performance. Also, I like answering WordPress questions on Quora. When I have the time, I run online sessions to teach WordPress for my personal FB page fans!

