WordPress secret keys and salts
To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at
api.wordpress.org/secret-key/1.1/salt/.
/**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */ define('AUTH_KEY', 'your unique phrase here'); define('SECURE_AUTH_KEY', 'your unique phrase here'); define('LOGGED_IN_KEY', 'your unique phrase here'); define('NONCE_KEY', 'your unique phrase here'); define('AUTH_SALT', 'your unique phrase here'); define('SECURE_AUTH_SALT', 'your unique phrase here'); define('LOGGED_IN_SALT', 'your unique phrase here'); define('NONCE_SALT', 'your unique phrase here'); /**#@-*/
Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/
define('AUTH_KEY', '%8j-2QB7vO3/ELze(m--)Bv}@$Tk]Ge`mWhEL%t, 0+6^-bWBVK{r0$68RdKLX#.');
define('SECURE_AUTH_KEY', '*38O4B9fhjwoZ4|Ag8A})$~J~$??.8|70_=|`j?vy3Ysg,]{+RzdZ|JHNMZN6g;|');
define('LOGGED_IN_KEY', 'tX|p-[&--b5 B;yUEIrRNxd3!0a@vqrwSwC{]KI|WBFBD]H69P:ob.W~Oo &@} 8');
define('NONCE_KEY', '{0f.2|iN}C|4hBXI1GwtAxNcmw[#,p}um-zM%,|Mtx6|gTLK/Y2tqT4]${e/oaO+');
define('AUTH_SALT', 'L4Q@-{~B7xY$;pfa7ZN}kFMil) d:[!Eu}`[D3g-mfgAA4YDo-/=(&nU@8ArbQ4 ');
define('SECURE_AUTH_SALT', '1{yr,_/_0}]]x A(]V{XFt{Nlaa+!Ts&PJu `t~Hcm;oVmulVU+,WVEk:{[_{UFb');
define('LOGGED_IN_SALT', 'q62x`-0|2t@&h4%7t&/}n(|_5tVQO_rQg2bUmI94dMT6$N2ZC]`ufEV4fNP8+P8,');
define('NONCE_SALT', 'Mq+wi@W$SCT$/=_2tIPO})7p[~H`%(-Px?9Q9j0)F^p(DZXQtozPJ]-V-eWMX(Bc');