What is a WordPress Salt?
A WordPress salt is a random string of data that hashes the WordPress security keys in the wp-config.php file.
If you open your wp-config.php file, you’ll see the Authentication Unique Keys and Salts section with seven security keys.
More Information on WordPress Security Keys & Cookies
If you want to dig in a bit more to the technical explanations of WordPress secret keys and salts, here are a few helpful resources:
- The WordPress Codex – Security Keys
- The WordPress Codex – Cookies
- Wikipedia: HTTP cookie
- PHP: Cookies
- SSL and Cookies in WordPress 2.6
How to Change Your WordPress Salts
Updating your WordPress security keys on a regular basis is a great way to harden your WordPress site. While the keys are extremely difficult to break, changing them every so often adds another layer of complexity.
There are two ways to change your WordPress salts and keys:
- Manually change the security keys in the wp-config.php file
- Use a plugin to change your WordPress salts, like iThemes Security
How iThemes Security Makes it Easy to Update Your WordPress Salts & Keys
The iThemes Security plugin makes updating your WordPress keys and salts easy in two ways:
- You get a reminder every 30 days to update your keys and salts – iThemes Security will send you a dashboard reminder to update your keys and salts so you never forget.
- You can update your keys and salts straight from your WordPress dashboard – iThemes Security allows you to update your keys and salts from within the plugin, so there’s no more having to manually generate a new set of keys and edit your wp-config.php file.
Within the iThemes Security dashboard, click on the Advanced tab. On this screen, you’ll see the WordPress Salts section. Click the option to Change WordPress Salts and then click the Change WordPress Salts button. That’s it! iThemes Security will go to work updating your keys and salts for you. Just note that updating your keys & salts will force all logged in users to log in again.