WordPress secret keys and salts

To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at
api.wordpress.org/secret-key/1.1/salt/.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');

/**#@-*/

Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/

define('AUTH_KEY',         'OG +Ys&+/|_W0BhX+qBe-#=K^-%H:{p{Xe.DN$5BL(!m.G2Ea,q1y{4X(EM!{1Qr');
define('SECURE_AUTH_KEY',  ')-}0+,PMQn}0b7fnfC=&vq={`U,#k&sd)q|h+UmCV{g+Pka(,#e^U.[HC+!&lV|^');
define('LOGGED_IN_KEY',    'C-1vL4fV%-? SWkdI:M-KeU5&IJokwULXDw%-fh29@^#BMl`)/CFeE-4ri|w(@?1');
define('NONCE_KEY',        '{/dho{F_CLQL)niy=afn&h$@A@-wX:e25J&Z]jVMBshkPVj=W=b5*B3 (bk#C^t~');
define('AUTH_SALT',        ',3oeK5v0_wNU_]5x]L?,|R9!u6s z+e#&ywMiWO T}C|A,V%/5*X]Y0gx+XRpVH}');
define('SECURE_AUTH_SALT', 'grun+/x(-Y;UQ-8Vu|0y.v9J;AhXgBLa`{lY:?)g)+}~s#?BG{NtEQNZ@5,?W)r`');
define('LOGGED_IN_SALT',   '/qNvZ&u-@iXH6jvY37y&GGk{?ZHl;=uSa@h$M?#hC?C0M+ei:t*ep4(J}=wNq}#g');
define('NONCE_SALT',       'Ez56?[ws+lfBF nvt, )4ZQ9^2j?W[ OD5L1VndN@K]VA+]M7-kQr:3c|)eA_fQk');

Leave a Reply