WordPress secret keys and salts

To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at
api.wordpress.org/secret-key/1.1/salt/.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');

/**#@-*/

Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/

define('AUTH_KEY',         ']st-C(}BIOS&x!G0jE^X}@}@5%|`=.T4$Q7x*O{8yt$}Z+GGXX`5Slaj8~tI]/~0');
define('SECURE_AUTH_KEY',  'ML:CRF+-K|(G{$] 6}4Hqkn+K=X=lipkT7U^|:g7b^-?+`OfayW!${52ymVNC|FH');
define('LOGGED_IN_KEY',    'Q[-pY4{$m/;/-+gik~nWmuY4|/y[]@189_anf%* h-5Z{+VCPvvG0+/g!XG(%pA ');
define('NONCE_KEY',        'GbZ-)esz}~E!JQK$Z{B,W|-#97*sR8U3K(3%9?s,V) Y{(7.iGbb@6]FCg@RA8Pf');
define('AUTH_SALT',        'czZJJ5s-= B)HMKJF2~]%bX%|f/+{Yb`v{+J!0AFypKFP8o+FW^SU~t|Tf)*iNCY');
define('SECURE_AUTH_SALT', '_EMQfNgWk7;&(~`uG5{19-ZQ|3bjkBphm_Aa;|B)6#W1Sdm1/CT`-&{ApU5q!q7[');
define('LOGGED_IN_SALT',   '~.sO+v!~K$fk.!;=Di8g)0s*a|:EGhd]z(X#pekbqQA[CO`_z1PkXKYm3grssT!s');
define('NONCE_SALT',       'c*q9_U@&OX%o_L{VPg M*?m~3zta_+XA@1$&mkQ!SrJpsPh7=Y{-x#|v}-lS+Zb;');

Leave a Reply