How to Easily Change WordPress Salts & Security Keys
WordPress salts keys are also known as WordPress secret keys, security keys, and Authentication unique keys. If you already have a WordPress site and searched for WordPress security, then you probably heard about WordPress salt keys (security Keys). In this tutorial, we will explain what are WordPress salt keys and How to Change WordPress salt keys and secret keys.
What are WordPress Security or Secret Keys?
WordPress security keys are randomly generated variables that are used by WordPress to improve encryption of information stored in user’s cookies. You can find the keys in your wp-config.php file. There are total 4 security keys and 4 salt keys: ‘AUTH_KEY’, ‘SECURE_AUTH_KEY’, ‘LOGGED_IN_KEY’, ‘NONCE_KEY’, ‘AUTH_SALT’, ‘SECURE_AUTH_SALT’, ‘LOGGED_IN_SALT’, ‘NONCE_SALT’. The keys look like:
Why are the WordPress Security Keys used for?
Secret Keys have a major impact on your site. WordPress Salts and Security keys are highly encrypted and it is impossible to decrypt it again. These secret keys add an extra layer to your cookies and passwords. Without it, anyone can enter your WordPress site and can do anything as they want.
Besides, a non-encrypted password in WordPress such as “username” and “password” can be easily cracked by hackers. But a random generated encrypted password is hard to break.
For instance, if you think your site got hacked, then the first thing you need to change your “password”. But only changing password is not enough. So you need to change WordPress Security and Salt Keys. After changing the keys, all users will be automatically logged out. So they need to log in again for working again.
How to Set and Change WordPress Salts Keys?
Changing WordPress Security Keys are so easy and you don’t need any plugin for that. By default, WordPress salts keys are automatically added when WordPress is installed. But when your site has been hacked, then you need to change WordPress Salts Keys immediately and we will show you how to do it.
Before you do, take a backup of “wp-config.php” file.
Step 1, Login to your cPanel and go to the WordPress directory. Search for “wp-config.php file”.
Now edit this file. On the 49th line, you probably see that. Then you have to get the WordPress Salts Keys from here. On every refresh, you will get new keys. So you just need to copy the code one by one and replace the existing keys into your wp-config.php file.
Save your wp-config.php and you are done. If you were logged into your WordPress admin panel, then you have to log in again. This is the same for other users.
Note: Do not share or publish the Security Keys with anyone. Once you changed the WordPress Security Keys, there is no need to remember it. If you want to change WordPress Salts keys again, then you need to do this process again. It is also recommended that you Limit Login Attempts in WordPress to Protect your site from Brute Force Attacks.
If you like this post, you will also like:
- How to Setup Yoast WordPress SEO Plugin(2017 Edition)
- 19 Best Tips to Speed Up WordPress(Increase Site Speed by 200%)
- How to Fix all Broken & Dead Links in your WordPress site
*This post may have affiliate links, which means I may receive a small fee if you choose to purchase through my links (at no extra cost to you). This helps us to keep WPMyWeb up and running and up-to-date. Thank you if you use our links, we really appreciate it! Learn more.