WordPress Security Keys

Last Revised: October 2, 2021

When you log in to your WordPress user panel, or leave a comment, certain data is usually saved in cookies. If that data were not encrypted, something like your email account or your username could appear in them, which would make it easy to work out who you are.

Since version 2.6.0 of WordPress, there are small algorithms to encrypt that data and make it harder to know who you are or how to access your user account. To use them, you have to configure the following elements in your configuration file, wp-config.php. You can create your own keys, although it is best to use a tool that generates random and complex codes, such as the one at the address of the WordPress Secret Key generator. It returns codes similar to these:

define('AUTH_KEY', 'v4QcpUh8S4uBjW7CCHLaMwQYUxsaJE4d8bDS');
define('SECURE_AUTH_KEY', 'a2vgj6zKCcbveWuGacVLhS4X7XWqP9Gy5sWq');
define('LOGGED_IN_KEY', 'ECkrCQaDyke6uvhHJ3SunY2a38t363eWYbBH');
define('NONCE_KEY', 'bDK6Lz4KVeTVAnhctZZP5aNCgjEz8auA6nKc');
define('AUTH_SALT', 'LG6xqeQve7MWZHEZaDSdNRkJ8KmVSGGhHgga');
define('SECURE_AUTH_SALT', 'jrhya2UmbNtAY4BTNukXEJ2e9VgMX499FMgA');
define('LOGGED_IN_SALT', 'Mp14>0/]G@31||{yPjt}$!lbd:Vz9Dec:FRY8uYD1Eg6.hDW2+P+l{[|V1@Yii<)2d1Z');

Change and update

Although in principle it should not be necessary to change the Security Keys, you can do so if you want to force users to log in again and renew their cookies with some frequency. A simple way is to edit wp-config.php yourself and update those lines. It's that simple. The other option is to automate the change, although this requires installing a plugin and giving it access to the system so that it can modify the configuration file.

The plugin in question is Salt Shaker, and it does just that: it changes the security keys as often as you indicate.

This plugin also has a version that runs directly from the CLI without installing any plugin, although it makes the change in every wp-config.php file it finds on the server, so if you are going to use it you have to know very well what you are doing.

sudo wget -qO wpsucli https://git.io/vykgu && sudo chmod +x ./wpsucli && sudo install ./wpsucli /usr/local/bin/wpsucli

Once you have it installed, you just have to go to the root folder of the system and make the call:

cd /
wpsucli
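The manual update described above, limited to a single wp-config.php instead of every copy on the server, as an added example (not code from the original page or from Salt Shaker). It assumes one define() per line; the names `rotate_keys` and `new_secret` are made up for this example, and it also adds NONCE_SALT, the eighth WordPress constant, which the sample listing above does not show.

```python
import re
import secrets
import sys

# The eight constants WordPress reads from wp-config.php.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# Printable ASCII without quote and backslash, so a value never needs
# escaping inside a single-quoted PHP string.
ALPHABET = [chr(c) for c in range(33, 127) if chr(c) not in "'\\"]
# Assumption: one define() per line, as in the listing above.
DEFINE_RE = re.compile(r"""^\s*define\(\s*['"]([A-Z_]+)['"]\s*,""")


def new_secret(length=64):
    """Return a random value drawn from the operating system CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_keys(config_text):
    """Replace every security key line and add any that are missing."""
    lines = config_text.splitlines()
    seen, last = set(), None
    for i, line in enumerate(lines):
        m = DEFINE_RE.match(line)
        if m and m.group(1) in KEY_NAMES:
            name = m.group(1)
            lines[i] = f"define('{name}', '{new_secret()}');"
            seen.add(name)
            last = i
    missing = [f"define('{n}', '{new_secret()}');"
               for n in KEY_NAMES if n not in seen]
    # New lines go after the last existing key, or after the opening
    # "<?php" line when the file had none (assumed to be line 1).
    at = last + 1 if last is not None else 1
    lines[at:at] = missing
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Usage: python rotate_keys.py /path/to/wp-config.php
    # The file is rewritten in place: owner and mode stay the same and
    # no backup copy holding credentials is left in the web root.
    path = sys.argv[1]
    with open(path, "r+", encoding="utf-8") as fh:
        updated = rotate_keys(fh.read())
        fh.seek(0)
        fh.write(updated)
        fh.truncate()
```

Every existing session cookie stops validating once the new file is in place, so all users have to log in again.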


About this document

This document is licensed under the EUPL v1.2, published on WP SysAdmin and created by Javier Casares. If you use this content on your website, in a presentation or in any material you distribute, please remember to mention this site or its author, and to release the material you create under the EUPL license.