Hardening WordPress: Set Unique Auth Keys and Salts for Authentication Cookie Encryption

This article describes how to set WordPress AUTH KEY parameters in your wp-config.php file to secure your cookies. These will ensure that your authentication cookies are encrypted using unique random salts – Codeseekah has done a good write-up and explanation here.

Let’s do it.

The page https://api.wordpress.org/secret-key/1.1/salt/ will generate suitably unique and random values on the fly and will look something like this:

define('AUTH_KEY', '-p*ac:4WAYd];@(XCtrR95F9 GM..7Ty-y/K?wVq1k|U*-QaX9<Tq[$v7SwI$[oj');
define('SECURE_AUTH_KEY', '[7;l|#G27hS<$N`H@V~PM8Tj<^rV[t|Tj(IB +?%ZTUyN8|1xM(ob|[cHzxq-C(^');
define('LOGGED_IN_KEY', 'xo|R-p(9;qNK9rhR^zwU+lgvQV0oR6jgqJ8|.=np1)>dc&Qx+-2b&d30ZxeDE(|c');
define('NONCE_KEY', '0@/BT#+%IQ3S#9YQg_h=.7zhq);|,TZ3j]*2<a]UuANXpX,ZIXf:kkfyV+@6zzPq');
define('AUTH_SALT', 'W+z`<d`6}aT #feo0#;q^+:})e,oCq*9A3u6=WXxsN^{2<5@.n53wQk2qa@4QPpI');
define('SECURE_AUTH_SALT', '6Z*}0sukZof!iCs|2]7bef9tLfbfjY@R#[<K-e3kgF~mIsu?&2-uzs@c>[i-IT8v');
define('LOGGED_IN_SALT', '=9o-~qia+jLY-ByE+Bc8T-j#=YH!mE-Hz4a,i-xR~nt)zoP[E:d8: J-tC^ke!?X');
define('NONCE_SALT', 'D|/=Qk+#0X@|?1217$AJQqR9h;|NOoc_|-q${B](

Now  edit your file using vi, pico or nano etc:

# vi wp-config.php

Look for the section below which will have empty values, delete and replace with the ones you’ve generated above:

Save and exit, job done.

Warning: All you currently logged-in users will be logged out so make sure you tell them first!

Series Navigation<< Hardening WordPress: Pre-Install – Don’t Use the Default wp_ Database Table Prefix

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.