WordPress secret keys and salts

To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at

 * Authentication Unique Keys and Salts.
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 * @since 2.6.0
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');


Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/

define('AUTH_KEY',         'r}{s]-:z|4tLEKjn4OA7l.^ m,0wF0&^,/b#jgeCNx5f+G{,&FYpm8(B?4zU,UZa');
define('SECURE_AUTH_KEY',  'o6phu5,cRb]PLud(K[?z*B;mG!#;hT{Ym+wx@dYLYJeq,+a+^(2,)()nJ+$sv&&^');
define('LOGGED_IN_KEY',    '5+s-{X*bGE1O^Z6Ck!~OyyBrQ?MO!nnL3Qv-4U|1E2s~)4%GiE*u?5*0~CEN]H2%');
define('NONCE_KEY',        '@9`aXw6Te d,n|-g$U,2dmE{E1%{lkeV4:e,fI^&JoHwmY()OS:c:lOIK}cW|~er');
define('AUTH_SALT',        ' eYh}q[lH[ZFIVW+Xb&~|N0{*CADvxh}l30vp+Q #BXdmj.6Q|B(EqUN2:-t|Vm{');
define('SECURE_AUTH_SALT', 'CP5*j@5ZiWYqLkxZC^O+ohePG=_$!%r(=0}5jC=*Tu/8B+/^u%wZ^?f(2L+q=A;}');
define('LOGGED_IN_SALT',   '+qo|he!c0hYGS%?=|%TH0} g||}+VLAp[q6Yc5]cgM6W6iRu{L}NT1O.-sWmN5}r');
define('NONCE_SALT',       'p5k|O][BBe+Diizn|nWv46fN}8~D_{RxE#^Tt)R({Bc3|k4+6/-{R4(p!gw#LHx=');

Leave a Reply