WordPress Security: Authentication Keys and Salts

How does your WordPress site knows it’s you that’s logged in and not someone else?

WordPress stores this information in a cookie (in your browser) – if you’re logged into a WordPress site, your cookie will identify you .

To help protect your ‘session’, WordPress uses keys and salts to encrypt it and reduce chances of your account being compromised.

With enough time, information, your cookies can be forged and hijacked eventually, so it’s a good idea to regularly update your Authentication Keys and Salts.

By the end of this article you will know a bit more about what WordPress Authentication keys and salts are, and how you can change them easily.

What are the WordPress Authentication Keys and Salts?

As already outlined, the WordPress Authentication Keys and Salts help protect your website from intrusion by encrypting the information that identifies you with the site.

These keys and salts are defined in your wp-config.php file.

It is recommended that you update these keys regularly and especially if you suspect that someone has gained unintentional access to the site. It’s quite easy to do too.

Remember: When you update your keys and salts, all existing login sessions on the site will be terminated – that is to say, everyone will need to login again.

How to update the WordPress Authentication Keys and Salts – the easy way

iControlWP has a growing collection of security tools designed to make protecting your WordPress sites easier to do.

iControlWP‘s strength lies in its ability to run actions across all your websites in bulk, and resetting WordPress Authentication Keys and Salts is just one of them.

Resetting your keys and salts on any site is as easy as clicking a button (see image), and you even have the option to select all or some of your sites at once and run the reset tool.

If you don’t have a free iControlWP account you can of course do this manually, and its one of the easier security tasks to perform.

But, you’ll want to do this regularly, which is where iControlWP shines, as it removes the manual work altogether.

So head on over to your free iControlWP account and give it a go!

How to update the WordPress Authentication Keys and Salts – the hard way

There are 3 steps to resetting the keys and salts…

1. Backup your WordPress database and wp-config.php file

If you’re running WorpDrive on your WordPress site, simply run a quick backup, wait until it’s complete and continue on.

2. Get new authentication keys and salts

Open up the following link: https://api.wordpress.org/secret-key/1.1/salt

and copy all the text in this page.

3. Edit your wp-config.php with the copied text from part (2)

Edit your wp-config.php file as you normally do and locate the section that has the text similar to that copied in part 2.

Replace all 6 lines in the file with all six lines copied from part (2). Save and replace your wp-config.php file with the new contents.

And you’re done!

Get the iControlWP Advantage Today!

Certainly this is not one of the more difficult security related tasks, but made much easier when using iControlWP if you have many websites to manage and maintain.

iControlWP lets you manage your plugins, themes, and security (and much more) across all your WordPress websites from one convenient, secure, dashboard.

And it’s free to signup. No commitments, no credit cards.

Just good WordPress management.