How does your WordPress site knows it’s you that’s logged in and not someone else?
WordPress stores this information in a cookie (in your browser) – if you’re logged into a WordPress site, your cookie will identify you .
To help protect your ‘session’, WordPress uses keys and salts to encrypt it and reduce chances of your account being compromised.
With enough time, information, your cookies can be forged and hijacked eventually, so it’s a good idea to regularly update your Authentication Keys and Salts.
By the end of this article you will know a bit more about what WordPress Authentication keys and salts are, and how you can change them easily.
What are the WordPress Authentication Keys and Salts?
As already outlined, the WordPress Authentication Keys and Salts help protect your website from intrusion by encrypting the information that identifies you with the site.
These keys and salts are defined in your wp-config.php
file.
It is recommended that you update these keys regularly and especially if you suspect that someone has gained unintentional access to the site. It’s quite easy to do too.
Remember: When you update your keys and salts, all existing login sessions on the site will be terminated – that is to say, everyone will need to login again.
How to update the WordPress Authentication Keys and Salts – the easy way
iControlWP has a growing collection of security tools designed to make protecting your WordPress sites easier to do. iControlWP‘s strength lies in its ability to run actions across all your websites in bulk, and resetting WordPress Authentication Keys and Salts is just one of them.Resetting your keys and salts on any site is as easy as clicking a button (see image), and you even have the option to select all or some of your sites at once and run the reset tool.
If you don’t have a free iControlWP account you can of course do this manually, and its one of the easier security tasks to perform.
But, you’ll want to do this regularly, which is where iControlWP shines, as it removes the manual work altogether.
So head on over to your free iControlWP account and give it a go!
How to update the WordPress Authentication Keys and Salts – the hard way
There are 3 steps to resetting the keys and salts…
1. Backup your WordPress database and wp-config.php file
If you’re running WorpDrive on your WordPress site, simply run a quick backup, wait until it’s complete and continue on.
2. Get new authentication keys and salts
Open up the following link: https://api.wordpress.org/secret-key/1.1/salt
and copy all the text in this page.
3. Edit your wp-config.php with the copied text from part (2)
Edit your wp-config.php
file as you normally do and locate the section that has the text similar to that copied in part 2.
Replace all 6 lines in the file with all six lines copied from part (2). Save and replace your wp-config.php file with the new contents.
And you’re done!
Get the iControlWP Advantage Today!
Certainly this is not one of the more difficult security related tasks, but made much easier when using iControlWP if you have many websites to manage and maintain.
iControlWP lets you manage your plugins, themes, and security (and much more) across all your WordPress websites from one convenient, secure, dashboard.And it’s free to signup. No commitments, no credit cards.
Just good WordPress management.
Nice addition to the iControlWP security functionality.
View CommentThanks Ed, glad you like it!
View CommentThere’s much more to come 🙂
i have two files one is config.php and the other one is config-sample.php.. i dont from where is comes… but let me know which one to change
View CommentThe one you need to change is wp-config.php. You can just delete the sample…
View CommentAbsolutely great tutorial! Cristal clear, to the point.Thank you so much!!
View Comment