Last Revised: October 2, 2021
When you enter your WordPress user panel, or leave a comment, certain data is usually saved in cookies. If the data was not encrypted, something like your email account or your username could appear, being something that would easily detect who you are.
Since version 2.6.0 of WordPress, there are small algorithms to encrypt that data and make it more complex to know who you are or how to access your user. To do this you have to configure the following elements in your configuration file [wp-config.php
]. You can create your own keys, although it is best to use a tool that generates random and complex codes from the direction of the WordPress Secret Key. This will make you appear some codes similar to these:
define('AUTH_KEY', 'v4QcpUh8S4uBjW7CCHLaMwQYUxsaJE4d8bDS');
define('SECURE_AUTH_KEY', 'a2vgj6zKCcbveWuGacVLhS4X7XWqP9Gy5sWq');
define('LOGGED_IN_KEY', 'ECkrCQaDyke6uvhHJ3SunY2a38t363eWYbBH');
define('NONCE_KEY', 'bDK6Lz4KVeTVAnhctZZP5aNCgjEz8auA6nKc');
define('AUTH_SALT', 'LG6xqeQve7MWZHEZaDSdNRkJ8KmVSGGhHgga');
define('SECURE_AUTH_SALT', 'jrhya2UmbNtAY4BTNukXEJ2e9VgMX499FMgA');
define('LOGGED_IN_SALT', 'Mp14>0/]G@31||{yPjt}$!lbd:Vz9Dec:FRY8uYD1Eg6.hDW2+P+l{[|V1@Yii<)2d1Z');
Change and update
Although in principle it should not be necessary to change the Security Keys, if you want to force users to access and change their cookies with some frequency, you can cause this process. A simple way is to get into yourself wp-config.php
and update those lines. It’s that simple; the other option is to automate this change, although for this you will require the installation of a plugin and give access to the system to be able to modify the configuration file.
The plugin in question is Salt Shaker and basically does that, change as often as you indicate the security codes.
This plugin also has a version to run in CLI directly without installing any plugin, although it will make the change in all the files it finds wp-config.php
on the server, so if you are going to use this you have to know very well what you are doing.
sudo wget -qO wpsucli https://git.io/vykgu && sudo chmod +x ./wpsucli && sudo install ./wpsucli /usr/local/bin/wpsucli
Once you have it installed, you just have to go to the root folder of the system and make the call:
cd /
wpsucli
Seguir con Seguridad para WordPress
Actual
- wp-config.php
- Security Keys
- Cookies
- Cabeceras inconvenientes
- Unificar CSS y JavaScript
- Ocultar la versión de WordPress
- Caché
- Carpetas por defecto
- Post instalación
- Edición de ficheros
- URL del sitio
- Servidores externos
- XML-RPC
- Acceso a wp-admin
- Actualizaciones automáticas
- Usuarios
- Limpieza de multimedia
- robots.txt
- Plantilla por defecto
- Emoji
- Subir ficheros sin filtro
About this document
This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.