WordPress Security Tips: Check if all security keys and salts have proper values

wordpress security tipsSecurity keys are used to ensure better encryption of information stored in the user’s cookies and hashed passwords. You don’t have to remember these keys. In fact once you set them you’ll never see them again. Therefore there’s no excuse for not setting them properly.

Security keys (there are eight) are defined in wp-config.php as constants on lines #45-52. They should be as unique and as long as possible. WordPress made a great script which helps you generate those strings. Please use it! After the script generates strings those 8 lines of code should look something like this:

define('AUTH_KEY',         'he&??~ByYhZw:)*X 6/E<8O?0S _?o<PWXoClBW?i:U$c#r=u%~(j`[+XcJ8lLbp');
define('SECURE_AUTH_KEY',  '{t1%&#w;6x#+R~5B?:NulX 9ghj$|]V`#ra%}4&OV_0&jTC?0 `-.Fik]Y%},lS6');
define('LOGGED_IN_KEY',    '~-}O9$?-KOZ(ark4{|OXfIp8ma:^7J#T)HET-*GI,ErB_%etm(x53Vj8;`al7_P!');
define('NONCE_KEY',        's0UDPTF/.[J`?<be#f]t{*D(}V&hm1*:YAaI-E+RFJ<q:iIgA&igp~AJ+uY?qDV*');
define('AUTH_SALT',        'c_KpY*b-Ld5n$YOJ^().]b,@qeNcf+p  cm?GtZ%+rZ RzZwk-djB{XF8c|B{?_Q');
define('SECURE_AUTH_SALT', '?/=K3U/Cr<=@q<8JVBH+$xe+.wu5^XS#t(m+K.u*o`N7_xy~]y#aVr])tHlZ_8X,');
define('LOGGED_IN_SALT',   '48-v^Izh[!EYMFt1+IyxjBN.e[|GM6JoJ|vJXH`L_q+{EEv+>^>}KI^h6]b{XBFo');
define('NONCE_SALT',       'iKfD73QPQ!k+:}>P29E@C{AHpFA,k(;t-+@6ewTutM4jw|eE.O#I-zT,6`-{%06g');

If you are concerned about WordPress security on your site, we encourage you to follow the full set of tips on our WordPress Security page.  And get in touch if you need help with protecting your site from hackers.