WordPress salt keys are also known as WordPress secret keys, security keys, and authentication unique keys.
If you already have a WordPress site and have searched for WordPress security, then you have probably heard about WordPress salt keys (security keys).
In this tutorial, we will explain what WordPress salt keys are and how to change WordPress salt keys and secret keys.
WordPress salt keys are randomly generated variables that WordPress uses to improve the encryption of information stored in users’ cookies.
You can find the keys in your wp-config.php file.
There are 4 security keys and 4 salt keys in total: ‘AUTH_KEY’, ‘SECURE_AUTH_KEY’, ‘LOGGED_IN_KEY’, ‘NONCE_KEY’, ‘AUTH_SALT’, ‘SECURE_AUTH_SALT’, ‘LOGGED_IN_SALT’, ‘NONCE_SALT’.
The keys look like:
What are the WordPress Salt Keys used for?
WordPress Salt Keys have a major impact on your site.
WordPress salts and security keys are highly encrypted, and it is impossible to decrypt them again.
These secret keys add an extra layer of security to your cookies and passwords.
Without them, anyone could enter your WordPress site and do anything they want.
Besides, a non-encrypted password in WordPress such as “username” and “password” can be easily cracked by hackers.
But a randomly generated, encrypted password is hard to break.
For instance, if you think your site got hacked, the first thing you need to do is change your password.
But only changing the password is not enough.
You also need to change the WordPress security and salt keys.
After the keys are changed, all users are automatically logged out, so they need to log in again to continue working.
How to Set and Change WordPress Salt Keys?
Changing WordPress security keys is easy, and you don’t need any plugin for it.
By default, WordPress salt keys are added automatically when WordPress is installed.
But when your site has been hacked, you need to change the WordPress salt keys immediately, and we will show you how to do it.
Before you do, take a backup of the “wp-config.php” file.
- Log in to your cPanel/FTP and go to the WordPress directory. Search for the “wp-config.php” file.
- Now edit this file.
- On line 49 (normally), you will probably see the existing security keys and salts.
- Then you have to get the WordPress salt keys from here.
- Copy them and paste them into the “wp-config.php” file.
- Done 🙂
On every refresh, you will get new keys.
So you just need to copy the code and replace the existing keys in your “wp-config.php” file one by one.
Save your wp-config.php and you are done.
If you were logged into your WordPress admin panel, then you have to log in again.
This is the same for other users.
Do not share or publish the Security Keys with anyone.
Once you have changed the WordPress security keys, there is no need to remember them.
If you want to change the WordPress salt keys again, repeat this process.
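The manual procedure above can also be scripted. The following is an added example, not part of the original tutorial and not WordPress's own code: it generates the eight values locally with Python's `secrets` module instead of copying them from the generator page, and the 64-character length, the alphabet, the function names and the sample config are assumptions made for the illustration.

```python
import re
import secrets
import shutil

# The eight constants named in this tutorial.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# Assumption: 64 characters per value. Quote and backslash characters are left
# out so each value fits in a single-quoted PHP string without escaping.
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
            "!@#$%^&*()-_ []{}<>~+=,.;:/?|")
# One define() per line; commented-out lines do not match.
DEFINE_RE = re.compile(r"^[ \t]*define\(\s*['\"](?P<name>\w+)['\"]\s*,.*$", re.M)
# Constructed sample input, not a real site's configuration.
SAMPLE = "<?php\ndefine( 'DB_NAME', 'example_db' );\n" + "".join(
    "define( '%s', 'put your unique phrase here' );\n" % n for n in KEY_NAMES)


def new_secret(length=64):
    """Build one value from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Return config_text with all eight values replaced by fresh ones."""
    seen = []

    def swap(match):
        name = match.group("name")
        if name not in KEY_NAMES:
            return match.group(0)  # leave DB_NAME and other settings untouched
        seen.append(name)
        return "define( '%s', '%s' );" % (name, new_secret())

    new_text = DEFINE_RE.sub(swap, config_text)
    missing = [n for n in KEY_NAMES if n not in seen]
    if missing:  # refuse to produce a half-rotated file
        raise ValueError("not found in config: " + ", ".join(missing))
    return new_text


def rotate_file(path):
    """Back up wp-config.php next to itself, then rewrite it in place."""
    shutil.copy2(path, path + ".bak")
    with open(path, encoding="utf-8") as fh:
        new_text = rotate_salts(fh.read())  # raises before anything is written
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(new_text)
```

The `.bak` copy still holds the old values, so remove or protect it once the site is confirmed working.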
It is also recommended that you limit login attempts in WordPress to protect your site from brute-force attacks.
How to Automatically Change WordPress Salt Keys (Plugin)
The first thing you need to do is install and activate the Salt Shaker plugin.
Once the plugin is activated, you need to go to Tools » Salt Shaker page in your WordPress admin to set a schedule for changing the SALT keys.
You need to check the option for automatically changing the Salt keys and then select your schedule from the dropdown.
You can automatically change the authentication keys daily, weekly, or monthly.
In case you want to change the security and salt keys manually, you can do so by clicking the Change Now button.
Remember that every time your WordPress Salt Keys are changed, you and other users will be automatically logged out from your WordPress site on all devices.