What are and How to Change WordPress Security & Salt Keys
WordPress security Keys are also known as WordPress Secret keys, Salt keys, and Authentication unique keys. If you already have a WordPress site and searched about WordPress security, then you probably heard about WordPress Security Keys(Salt Keys). In this tutorial, we will explain what are WordPress Security Keys and How to Change WordPress Security Keys (Secret Keys or Salt Keys).
What are WordPress Security or Secret Keys?
WordPress security keys are randomly generated variables that are used by WordPress to improve encryption of information stored in user’s cookies. You can find the keys in your wp-config.php file. There are total 4 security keys and 4 salt keys: ‘AUTH_KEY’, ‘SECURE_AUTH_KEY’, ‘LOGGED_IN_KEY’, ‘NONCE_KEY’, ‘AUTH_SALT’, ‘SECURE_AUTH_SALT’, ‘LOGGED_IN_SALT’, ‘NONCE_SALT’. The keys look like:
Why are the WordPress Security Keys used for?
Secret Keys have a major impact on your site. WordPress Salt and Security keys are highly encrypted and it is impossible to decrypt it again. These secret keys add an extra layer to your cookies and passwords. Without it, anyone can enter your WordPress site and can do anything as they want.
Besides, a non-encrypted password in WordPress such as “username” and “password” can be easily cracked by hackers. But a random generated encrypted password is hard to break.
For instance, if you think your site got hacked, then the first thing you need to change your “password”. But only changing password is not enough. So you need to change WordPress Security and Salt Keys. After changing the keys, all users will be automatically logged out. So they need to log in again for working again.
How to Set and Change WordPress Security Keys?
Changing WordPress Security Keys are so easy and you don’t need any plugin for that. By default, WordPress salt keys are automatically added when a WordPress is installed. But when your site has been hacked, then you need to change WordPress Salt Keys immediately and we will show you how to do it.
Before you do, take a backup of “wp-config.php” file.
Step 1, Login to your cPanel and go to WordPress directory. Search for “wp-config.php file”.
Now edit this file. On line 49, you probably see that. Then you have to get the WordPress Salt Keys from here. On every refresh, you will get new keys. So you just need to copy the code one by one and replace the existing keys into your wp-config.php file.
Save your wp-config.php and you are done. If you were logged into your WordPress admin panel, then you have to log in again. This is same for other users.
Note: Do not share or publish the Security Keys with anyone. Once you changed WordPress Security Keys, there is no need to remember it. If you want to change WordPress Salt keys again, then you need to do this process again. It is also recommended that you Limit Login Attempts in WordPress to Protect your site from Brute Force Attacks.
If you like this post, you will also like:
- How to Setup Yoast WordPress SEO Plugin(2017 Edition)
- 19 Best Tips to Speed Up WordPress(Increase Site Speed by 200%)
- How to Fix all Broken & Dead Links in your WordPress site