WordPress secret keys and salts

To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at
api.wordpress.org/secret-key/1.1/salt/.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');

/**#@-*/

Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/

define('AUTH_KEY',         ':Z~MxwO81CQ2rA$-st}G9vdA}|W~KVb`76%z@.,XO 2W@1+l:vW?4J@nUeYH@l85');
define('SECURE_AUTH_KEY',  '5wM`TLalHA|/hW:_-DN?O!?.h+}[0ahJz$W!4}rg,d[%K+wrgwFH.*]!S}+Y+ {~');
define('LOGGED_IN_KEY',    'ptYlt27e[*G ^R||A~*mn:wR;c)${~mYa }G)Kk9?.vae??3|fx^aa-2# KIr1$|');
define('NONCE_KEY',        'Cdn`P} 9$$LdRVpiK4)ao|p#j$R=WBf)r,n_uiIk6u)$8oHv#|$N+nQnvtTe6Gj$');
define('AUTH_SALT',        ']x-%?|6d}Lj.YziSk::|9]e8I@L=fod+YbpOPWGTZc#.mQ V;:=;2n^n|*}yU$1;');
define('SECURE_AUTH_SALT', 'ul(|j9qs;Cu|rEx]5di=IZwwpgf|$p}MvwFp`G+R{vP-gl~f6G|YZo%3=zq(+I+E');
define('LOGGED_IN_SALT',   '{{3-K.%M;51BA-g3;Cz:v+yzqq{{f7(M@O@ZJTZ|%`/n`w?R_A-=@j=YlyAKLHZ_');
define('NONCE_SALT',       '0c0mn.L]]|^-F_{q2$}WRE-6G}+ Lny?{&?u+26L,T|n,D-=mGXHa7J^ykjP- {]');

Leave a Reply