If you are using WordPress and did a little reading about WordPress Security, then you should have seen a mention of WordPress Security Keys (Secret Keys). In this article, we will explain the what, why, and hows of WordPress Security Keys for WordPress Beginners.
What are WordPress Security Keys?
WordPress Security Keys is a set of random variables that improve encryption of information stored in the user’s cookies. There are a total of four security keys: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY
Why use WordPress Security Keys?
These security keys makes it harder to crack your password. A non-encrypted password like “username” or “wordpress” can be easily broken, but a random, unpredictable, encrypted password such as “88a7da62429ba6ad3cb3c76a09641fc” takes years to come up with the right combination. You should use WordPress Security keys to increase security of your WordPress powered blogs or websites.
How to use WordPress Security Keys on my site?
Self-hosted WordPress blogs does not have the Security Keys defined. You would need to add these yourself. It is a very simple and easy process, that you should be able to do as long as you know how to use FTP.
First, you would need to get your own unique Secret Key. WordPress has a random generator that can give you these secret keys. We recommend that you use that rather than inventing your own.
Second step is to modify your wp-config.php (file). You will find this file located in your WordPress root folder (the same folder where your wp-content and other folders are stored). In your wp-config.php file on line 45, you should see something like this:
Simply take your security key that we grabbed in step 1 and paste them accordingly in the following lines.
Save your wp-config.php file, and you are done. If you were logged into your WordPress admin panel, then you will be asked to log back in again.
Other Frequently Asked Questions (FAQs)
Do I have to remember my Security Keys?
No, you do not have to remember the security key. You have to paste it once in the wp-config.php file and that is it.
- WordPress 2.8.4 – A Crucial Security Release
- How to Reset a WordPress Password from phpMyAdmin
- WP Security – WordPress File Monitor Plugin