Easily Change WordPress Security Keys & Salts with iThemes Security
The latest version of iThemes Security includes a new time-saving security feature: the ability to easily change WordPress security keys and salts. To take advantage of this new feature, you'll need to be running iThemes Security v4.6+ or iThemes Security Pro v1.14+. You'll find the latest versions available as an automatic update from the WordPress dashboard (for free and licensed Pro sites) or as a manual download from the iThemes Member Panel (for Pro users).
A Brief Overview of WordPress Keys & Salts
To understand WordPress keys and salts, we first need to go over cookies. WordPress uses cookies (or information stored in your browser) to verify the identity of logged in users and commenters. To better protect and ensure encryption of the login information stored in your WordPress cookies, WordPress includes secret authentication keys and salts in your wp-config.php file. Essentially, these are additional passwords for your site that are long, random and complicated—so they’re nearly impossible to break. If you want to dig in a bit more to the technical explanations of cookies, secret keys and salts, you can check out these resources:Changing Your Keys Every Now & Then Adds An Extra Layer of Ongoing Protection
Updating your keys and salts on a regular basis is another way to harden WordPress. Again, while the existing keys are extremely difficult to break, changing them every so often adds another layer of complexity. Updating your keys & salts will force all logged in users to log in again, because changing them automatically invalidates the login of any user logged in to the site. For example, if you have any suspicions of trouble, updating your keys and salts will force the logout and reauthentication of all user logins. If someone with higher-level access to your site accidentally clicks “remember me” in their browser (say on a public computer), no unauthorized user will be able to gain access to the site due to information stored in the same browser.How to Change Your WordPress Keys & Salts – The Manual Method
Before this update to iThemes Security, updating your keys and salts required you to manually edit your wp-config.php file. Here’s an explanation of what’s involved in making this change on your own: 1. As always, before you make any changes to important core files on your site, make a backup of your site with BackupBuddy. With BackupBuddy, you can even easily restore a single file, so you don’t have to worry if something goes wrong while making this edit. 2. Using an FTP client, open your wp-config.php file and locate the Authentication Unique Keys and Salts section.
3. Generate new keys using this secret key and salts generator from the WordPress API. Copy the new keys information from the generator.
4. Paste the new information into your wp-config.php file to overwrite the existing set. Save the file.
How iThemes Security Makes it Easy to Update Your WordPress Keys & Salts
iThemes Security makes updating your WordPress keys and salts easier by allowing you to do so from your WordPress dashboard. There’s no more having to manually generate a new set of keys and edit your wp-config.php file.Update Your Keys & Salts with Two Clicks
Within the iThemes Security dashboard, click on the Tools icon in the lower left cover of the menu. Locate the Change WordPress Salts section then click the Run button.
That’s it! iThemes Security will go to work updating your keys and salts for you. Again, note that updating your keys & salts will force all logged in users to log in again.
Get iThemes Security Pro
With iThemes Security Pro, you get great additional features to secure your WordPress site, including:- Two-Factor Authentication – Easily add two-factor authentication to your WordPress site with Google Authenticator and iThemes Security Pro.
- reCAPTCHA – Integrate Google’s new reCAPTCHA with your WordPress site to add an extra layer of protection to your WordPress login pages.
- And lots more! Check out all the iThemes Security Pro features.
Get Release Notes for SolidWP products delivered right to your inbox.
Sign up
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Get started with confidence — risk free, guaranteed
