WordPress Authentication Keys and Salts = Better Security!

Ever wondered how your WordPress site knows it’s you that’s logged in as admin and not someone else? WordPress doesn’t use sessions, but rather stores this information in a cookie (in your browser).

If you’re logged into a WordPress site, your cookie will identify you to it.

To protect the information stored in your WordPress cookies, WordPress uses authentication keys and salts to encrypt it and reduce the chances of your account being compromised. With enough time, information, and intelligence, almost all encryption can be cracked eventually, so it’s a good idea to regularly update your WordPress Authentication Keys and Salts. By the end of this article you will know a bit more about what WordPress Authentication Keys and Salts are, and how you can change them easily.

 

What are the WordPress Authentication Keys and Salts?

As already outlined, the WordPress Authentication Keys and Salts help protect your website from intrusion by encrypting the information that identifies you with the site.

This information stored in your cookies is encrypted using the WordPress Authentication Keys and Salts that are defined in your wp-config.php file.

It is recommended that you update these keys regularly, and especially if you suspect that someone has gained unauthorized access to the site.

It’s quite easy to do too.

Remember: When you update your keys and salts, all existing login sessions on the site will be terminated; that is to say, everyone will need to log in again.

How to update the WordPress Authentication Keys and Salts

There are 3 steps to resetting the keys and salts:

  1. Back up your WordPress database and wp-config.php file. You can do this manually or using one of our recommended backup plugins.
  2. Get new authentication keys and salts by clicking this link: https://api.wordpress.org/secret-key/1.1/salt and copying all the text on that page to a notepad.
  3. Open wp-config.php in a text or code editor and locate the “Authentication keys” area (see the image below step 5). There may already be keys there; it is OK to replace them.
  4. Replace all 6 lines in the file with all six lines copied from step 2.
  5. Save and replace your wp-config.php file with the new contents and you’re done.

The Authentication Keys area inside wp-config
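The steps above as a script, added here as an example and not code from the original article: instead of copying values from api.wordpress.org it generates them locally with Python's `secrets` module, and it refuses to save if any key or salt line is missing. The function names, the `backup_path` parameter and the sample config are assumptions of this example.

```python
import os
import re
import secrets
import shutil

# Constants WordPress reads for its authentication keys and salts.
NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
         "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# Printable ASCII without ' and \ so values need no escaping in a PHP '...' string.
ALPHABET = "".join(chr(c) for c in range(33, 127) if chr(c) not in "'\\")
# One whole define() line for any of NAMES; the lookahead keeps a CRLF ending intact.
DEFINE_RE = re.compile(
    r"^[ \t]*define\(\s*(['\"])(?P<name>%s)\1\s*,.*?\);[ \t]*(?=\r?$)"
    % "|".join(NAMES), re.MULTILINE)

def rotate_salts(config_text):
    """Return (new_text, missing): every key/salt define() gets a fresh value."""
    seen = []

    def fresh(match):
        seen.append(match.group("name"))
        value = "".join(secrets.choice(ALPHABET) for _ in range(64))
        return "define( '%s', '%s' );" % (match.group("name"), value)

    new_text = DEFINE_RE.sub(fresh, config_text)
    return new_text, [n for n in NAMES if n not in seen]

def rotate_file(path, backup_path):
    """Back up, replace and save. backup_path should sit outside the web root."""
    with open(path, encoding="utf-8", newline="") as fh:
        old = fh.read()
    new, missing = rotate_salts(old)
    if missing:  # refuse a partial rotation that would leave old keys in place
        raise ValueError("no define() found for: " + ", ".join(missing))
    shutil.copy2(path, backup_path)
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8", newline="") as fh:
        fh.write(new)
    shutil.copymode(path, tmp)
    os.replace(tmp, path)  # atomic swap, so PHP never reads a half-written file
    return new

# Constructed sample input, not a real configuration.
SAMPLE = ("<?php\r\ndefine('DB_NAME', 'wp');\r\n"
          "define( 'AUTH_KEY',  'put your unique phrase here' );\r\n"
          "define(\"NONCE_SALT\", 'old);value');\r\n")
```

The backup copy still contains the old keys and the database credentials, so store it with the same care as wp-config.php itself.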

 

About the author

Guest Contributor

WPUniversity Contributors help us make WordPress more approachable for non-developers.