WordPress secret keys and salts

To increase the security of a WordPress site you should add 8 different secret keys to the wp-config.php file.
WordPress has a convenient random secret keys generator wich allows you to copy/paste the keys at
api.wordpress.org/secret-key/1.1/salt/.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');

/**#@-*/

Example random keys from WordPress.org. These might be cached if you’re not logged in and therefore unsafe, better get your own at api.wordpress.org/secret-key/1.1/salt/

define('AUTH_KEY',         'pt#E&.|nNp=O^XO2]*XFxvs. sWkNSUW{t;,-_{zR}|I!0wOaN{`/J-N[c hM}g*');
define('SECURE_AUTH_KEY',  ']$7F/|TX]o1E6nmAeU2(/@bjSX/rjZ/3*F{ovx}bgeTm$x{s^/~aj&4CLP[(})15');
define('LOGGED_IN_KEY',    'YmjU/]fy|ZoUNTgt|J/zDIGP?*o]2[.@?)|P}&|Z{!^[UJSlUXkX5e=~xm`DjYi0');
define('NONCE_KEY',        'GfW?,J4!X`uLrjI|Y15vN4zld.Mae@G1_.**k.)CXR]w(qA}D)8-e}Id=4W8B7ec');
define('AUTH_SALT',        ',T43?gQl{ZQwdH.^P:b{!kj@TQ%-{vw?#)st-CoA=Re#.|QX^:%MBd)Q{gT$_aH0');
define('SECURE_AUTH_SALT', 'QE9@~q {roxWZYKz#p=OvfO!w]R,C![8-mB4x#{Ehhsh9JG.If^e.XS}/@C3?IgC');
define('LOGGED_IN_SALT',   'OguB]TQJc@wCkB+W&L vk-d4_^LomR)&c%wd9,I(Z%bP9-Ux#Ccp6-Y-ghh#s@+Y');
define('NONCE_SALT',       '-BZTkid9--:DW8!~6nsJYUA*eQvdS5QlP~Dm2aH*dR{+`)CxtEzY8&Gc?G6c&,~K');

Leave a Reply