WordPress secret keys and salts

To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at

 * Authentication Unique Keys and Salts.
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 * @since 2.6.0
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');


Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/

define('AUTH_KEY',         '*@g+,Gi5pA8{@$LSDdND!`f$;Lq%H8[],;i@j}9kV2xw^]!{=yZ82,|J[l0|yxUA');
define('SECURE_AUTH_KEY',  'P4HH5p4W}5rFee^Ny2%T`!U9ls=Te|KGiiLndWO,G)u}LfrF9p)PQ}sWO}{NZGiw');
define('LOGGED_IN_KEY',    'LQo%MXMjGUo0m}S8RU;-Fzj_v(_|}1WT,t;6q!INHHV:R4Q)f+Ry}z%,Aq{.Y*:%');
define('NONCE_KEY',        '&)9Z$-o=YVq,C%5!jkU)MZG|xf}+aqn+}8+gl}$({;J`fH;e2o}-XP.z:mdot{v]');
define('AUTH_SALT',        '1 qxIf3}eh!Us/++-B2EE{0#tV{5PD87e3R@!-hhZI0R[ T,E,z91P(O`etfONZl');
define('SECURE_AUTH_SALT', '7#Qc4PS9gk]Ik+zjH=^siE/*jRz{`+K!6S5/0]?1&cRz37.mE&J}P%pmr*|KZrf&');
define('LOGGED_IN_SALT',   'qnu8sM]}]{[]j&O&(5E5]r6#WT:[}vM6-tPsU&([_dY%WCYNHb~2bHU?p|89xKnl');
define('NONCE_SALT',       '=tgwo%IyD%VewxNZ{lvrE0lH|[~A)XT~-^YE1%W |s)P-`D$Hp{L8kC5 IjOaPUy');

Leave a Reply