Salt Shaker – Change WordPress Security Keys and Salts Automatically

JavaScript for WordPress

WordPress cares about security. That’s why when you open your wp-config.php file you will find this section right after the database info:

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

What are those Security Keys and Salts?

In short, security keys and salts improve the security of your WordPress login details. There are 4 security keys and corresponding 4 hashing salts. WordPress uses them to create the cookies.

Do you really have to change them every now and then?

It’s a must when you suspect malicious activity on your website. Otherwise, it’s a good practice to change them regularly for the sake of hardening your WordPress security. Taking into consideration, when you change the security keys, all logged-in users will need to login again.

Change WordPress Security Keys and Salts

You can update the security keys and salts by editing wp-config.php file or by using Salt Shaker plugin.

Editing wp-config.php File

  • Create new set of keys using this online generator.
  • Go to your WordPress root folder and open wp-config.php
  • Find the ‘Authentication Unique Keys and Salts.’ section, usually it’s just below the database credentials.
  • Replace them with the generated keys.
  • Save your config file.

Using Salt Shaker

Alternatively, you can use this simple plugin to change WordPress security keys. Salt Shaker allows you to schedule changing your keys on regular basis.

Salt Shaker - Change WordPress Security Keys Manually and Automatically

Check this quick tutorial of how to use the plugin.

Conclusion

The main purpose behind changing the security keys frequently is to improve the security of your website. Imagine the scenario where you log in to your WordPress dashboard from someone’s computer, this means that you have left your cookies behind. In case that person has the intention to hack your website these cookies will make his job a piece of cake. Furthermore, the scenario where a hacker is trying to guess a user’s password on your website. Trust me, you don’t want to make his job easier!

In both scenarios, it is a good practice to change the salt keys every now and then.It might be a hassle change the keys manually! Yet, you can use the Salt Shaker plugin to schedule changing these keys automatically or even change the keys with a click of a button.

GET MORE STUFF 
IN YOUR INBOX
WordPress Multilingual, Performance, SEO, Reviews and HOT Deals. One email per week!
Stay Updated
Give it a try, you can unsubscribe anytime.
Close
GET MORE STUFF
IN YOUR INBOX
WordPress Multilingual, Performance, SEO, Reviews and HOT Deals. One email per week!
Stay Updated
Give it a try, you can unsubscribe anytime.
We have created the 1st online directory for the Multilingual Themes
CLICK HERE

WE'RE SOCIAL!

Follow us on..