Last Updated on
WordPress salts keys are also known as WordPress secret keys, security keys, and Authentication unique keys. If you already have a WordPress site and searched for WordPress security, then you probably heard about WordPress salt keys (security Keys). In this tutorial, we will explain what are WordPress salt keys and How to Change WordPress salt keys and secret keys.
WordPress Security Keys are randomly generated variables that are used by WordPress to improve encryption of information stored in user’s cookies. You can find the keys in your wp-config.php file. There are total 4 security keys and 4 salt keys: ‘AUTH_KEY’, ‘SECURE_AUTH_KEY’, ‘LOGGED_IN_KEY’, ‘NONCE_KEY’, ‘AUTH_SALT’, ‘SECURE_AUTH_SALT’, ‘LOGGED_IN_SALT’, ‘NONCE_SALT’. The keys look like:
Why are the WordPress Security Keys used for?
Secret Keys have a major impact on your site. WordPress Salts and Security keys are highly encrypted and it is impossible to decrypt it again. These secret keys add an extra layer to your cookies and passwords. Without it, anyone can enter your WordPress site and can do anything as they want.
Besides, a non-encrypted password in WordPress such as “username” and “password” can be easily cracked by hackers. But a random generated encrypted password is hard to break.
For instance, if you think your site got hacked, then the first thing you need to change your “password”. But only changing password is not enough. So you need to change WordPress Security and Salt Keys. After changing the keys, all users will be automatically logged out. So they need to log in again for working again.
How to Set and Change WordPress Salts Keys?
Changing WordPress Security Keys are so easy and you don’t need any plugin for that. By default, WordPress salts keys are automatically added when WordPress is installed. But when your site has been hacked, then you need to change WordPress Salts Keys immediately and we will show you how to do it.
Before you do, take a backup of “wp-config.php” file.
- Step 1: Login to your cPanel and go to the WordPress directory. Search for “wp-config.php file”.
Now edit this file. On the 49th line, you probably see that. Then you have to get the WordPress Salts Keys from here. On every refresh, you will get new keys. So you just need to copy the code one by one and replace the existing keys into your wp-config.php file.
Save your wp-config.php and you are done. If you were logged into your WordPress admin panel, then you have to log in again. This is the same for other users.
Note: Do not share or publish the Security Keys with anyone. Once you changed the WordPress Security Keys, there is no need to remember it. If you want to change WordPress Salts keys again, then you need to do this process again. It is also recommended that you Limit Login Attempts in WordPress to Protect your site from Brute Force Attacks.