WordPress secret keys and salts
To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at
api.wordpress.org/secret-key/1.1/salt/.
/**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */ define('AUTH_KEY', 'your unique phrase here'); define('SECURE_AUTH_KEY', 'your unique phrase here'); define('LOGGED_IN_KEY', 'your unique phrase here'); define('NONCE_KEY', 'your unique phrase here'); define('AUTH_SALT', 'your unique phrase here'); define('SECURE_AUTH_SALT', 'your unique phrase here'); define('LOGGED_IN_SALT', 'your unique phrase here'); define('NONCE_SALT', 'your unique phrase here'); /**#@-*/
Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/
define('AUTH_KEY', ']st-C(}BIOS&x!G0jE^X}@}@5%|`=.T4$Q7x*O{8yt$}Z+GGXX`5Slaj8~tI]/~0');
define('SECURE_AUTH_KEY', 'ML:CRF+-K|(G{$] 6}4Hqkn+K=X=lipkT7U^|:g7b^-?+`OfayW!${52ymVNC|FH');
define('LOGGED_IN_KEY', 'Q[-pY4{$m/;/-+gik~nWmuY4|/y[]@189_anf%* h-5Z{+VCPvvG0+/g!XG(%pA ');
define('NONCE_KEY', 'GbZ-)esz}~E!JQK$Z{B,W|-#97*sR8U3K(3%9?s,V) Y{(7.iGbb@6]FCg@RA8Pf');
define('AUTH_SALT', 'czZJJ5s-= B)HMKJF2~]%bX%|f/+{Yb`v{+J!0AFypKFP8o+FW^SU~t|Tf)*iNCY');
define('SECURE_AUTH_SALT', '_EMQfNgWk7;&(~`uG5{19-ZQ|3bjkBphm_Aa;|B)6#W1Sdm1/CT`-&{ApU5q!q7[');
define('LOGGED_IN_SALT', '~.sO+v!~K$fk.!;=Di8g)0s*a|:EGhd]z(X#pekbqQA[CO`_z1PkXKYm3grssT!s');
define('NONCE_SALT', 'c*q9_U@&OX%o_L{VPg M*?m~3zta_+XA@1$&mkQ!SrJpsPh7=Y{-x#|v}-lS+Zb;');