WordPress secret keys and salts

To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at
api.wordpress.org/secret-key/1.1/salt/.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');

/**#@-*/

Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/

define('AUTH_KEY',         'FLsl/].7KzVG~u}7UFSNCX8yTv=j{R*SzW:-?iF_h.%U3|?qS]v4ZOc~EaAXU{BS');
define('SECURE_AUTH_KEY',  'bS_sW5qa=duCr&vzyBc~]6w)AH0g&HE@|/sJLm9$F4~9L@Ns,5qdf4fZMbRcxP:x');
define('LOGGED_IN_KEY',    '#+yb(Ji}{dToN[2vHa||/-CgEr~ml)l*.U#Whn+#&/4ssb`Ykv(|12|%QP}Q]#gj');
define('NONCE_KEY',        'T?IOd#Qm7[dq7QN&r}-r{{ob_n21_}^(BDS#! 5YbyvX?.}KH5[S_V{Vaib#`KU6');
define('AUTH_SALT',        ']L5`p6Mgf1_==,4*{+A+-5v,nKj rNnF{*2qsUn]8@;6&S7p+jV6Bt]g39W)~ynz');
define('SECURE_AUTH_SALT', 'aW6}F.NisA-X[{;M-T-O7wQ9Jsh9IE3m}u9{/4)=q/a}my8S?d8acbr-vCJ5IR+p');
define('LOGGED_IN_SALT',   '|ctXO--(c;Tbmf^,jfds7M2XX%-QS%Q(D*Q?C$wbe+U^Y-;j+9tX=pr:}Et+/N@*');
define('NONCE_SALT',       'WXG@)+YpWQ6#;%={&=kZaL|9sEEt?NP!3-)fyRj02sv}# 2C5Q1[5K6[}H+4J_C8');

Leave a Reply