WordPress secret keys and salts

To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at
api.wordpress.org/secret-key/1.1/salt/.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');

/**#@-*/

Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/

define('AUTH_KEY',         '%8j-2QB7vO3/ELze(m--)Bv}@$Tk]Ge`mWhEL%t, 0+6^-bWBVK{r0$68RdKLX#.');
define('SECURE_AUTH_KEY',  '*38O4B9fhjwoZ4|Ag8A})$~J~$??.8|70_=|`j?vy3Ysg,]{+RzdZ|JHNMZN6g;|');
define('LOGGED_IN_KEY',    'tX|p-[&--b5 B;yUEIrRNxd3!0a@vqrwSwC{]KI|WBFBD]H69P:ob.W~Oo &@} 8');
define('NONCE_KEY',        '{0f.2|iN}C|4hBXI1GwtAxNcmw[#,p}um-zM%,|Mtx6|gTLK/Y2tqT4]${e/oaO+');
define('AUTH_SALT',        'L4Q@-{~B7xY$;pfa7ZN}kFMil) d:[!Eu}`[D3g-mfgAA4YDo-/=(&nU@8ArbQ4 ');
define('SECURE_AUTH_SALT', '1{yr,_/_0}]]x A(]V{XFt{Nlaa+!Ts&PJu `t~Hcm;oVmulVU+,WVEk:{[_{UFb');
define('LOGGED_IN_SALT',   'q62x`-0|2t@&h4%7t&/}n(|_5tVQO_rQg2bUmI94dMT6$N2ZC]`ufEV4fNP8+P8,');
define('NONCE_SALT',       'Mq+wi@W$SCT$/=_2tIPO})7p[~H`%(-Px?9Q9j0)F^p(DZXQtozPJ]-V-eWMX(Bc');

Leave a Reply