Protecting sites against brute force attacks is one of the fundamental steps of WordPress Security. WordPress security keys and salts offer a solution to improve and harden your site security.
WordPress keys and salts play a significant role in securing site cookies and stop hackers from accessing your site.
What are security keys?
Security keys and hashing salts are those authentication variables that enhance the security of your login credentials. They add an extra security layer to the username and password information stored in the user’s cookies.
Currently, there are four security keys i.e.
AUTH_KEY,
SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY. |
With each key, corresponding salts are also present that are:
AUTH_SALT,
SECURE_AUTH_SALT, LOGGED_IN_SALT, and NONCE_SALT. |
You can add them in the wp-config.php file.
Given below is the demo of the WordPress security keys, which appear like this by default
Configuring WordPress security keys:
To configure WordPress security keys in the wp-config.php file, go through the following steps –
- Open WordPress wp-config.php file.
- Look for Authentication Unique Keys and Salts. This section could be found just after the database credentials unless you moved the database credentials out of your wp-config.php file.
- Assign any random value of 60+ unique characters for each key and salt by replacing put your unique phrase here. You can even use the online WordPress security key generator for automatic generation of the keys.
- In case you are using an online WordPress security key generator, simply copy the entire block of code and replace the eight default keys values in your wp-config.php file.
- Now save the wp-config.php file.
Using a plugin to configure WordPress security keys:
There are a few different plugins as well that will automate the process of changing WordPress security keys. Specifically, there are some WordPress plugins that will do the job right:
-
Wp-config file editor
There may be some tasks you would have always wanted to update in WordPress, but you were no confident enough to edit the wp-config.php file to do. So well this plugin hooks into the file and helps to do the task easily. Where you also update your security keys.
2. iThemes Security
There is also one of the premium iTheme Security (Pro) plugin. iTheme is included in a number of WP Buff’s plans, that’s the reason you can count on this method for implementing and updating security keys and salts.
Conclusion:
Security Keys are not at all complicated as they look. From an end user’s point of view, it’s true that they aren’t the most critical part of a good security routine and WordPress usually does all the important work of using them so it’s all transparent to us.