Complete guide to WordPress salts and security keys

What are Salt keys?

WordPress salts and security keys are cryptographic tools that help to secure your WordPress site's login using encryption. Together, they protect the information in the cookies that WordPress uses when you log in to your account.

When you log in to your WordPress account, WordPress asks whether you would like to save the login credentials so that you do not have to enter them every time you log in. WordPress does this by using cookies. This makes logging in to WordPress easier and less time-consuming. At the same time, it also makes it easier for hackers to hack into your account. That's where WordPress salts and security keys come in: they add an extra layer of security for your account.

Where are they located and how do they work?


The security keys and the WordPress salts are located in the file named wp-config.php. The section shown below contains the security keys and WordPress salts. The first 4 entries are the security keys and the last 4 entries are the WordPress salts.

Let's understand how salt keys work with an example. Suppose your username and password for your WordPress login are 'my username' and 'my password'. Your browser saves the login information as cookies so that you stay logged in. But if your browser saves your password as plain text, i.e. as 'my password', then it will be much easier for a hacker to hack into your website. To avoid this issue, WordPress saves your password as encrypted keys, and these keys are known as WordPress Salts and WordPress Keys. This encryption is very hard to crack, and that's why it makes a hacker's job harder. Unless a person has access to your salts and security keys, it will be hard for him/her to hack into your website.

To make sure that your site is more secure, you need to change the WordPress salts and security keys at regular intervals.

How to change your WordPress salts?

You can change your WordPress salts by using any of the methods given below:

1. By editing your wp-config.php file
2. With the help of a free plugin

1. By editing the wp-config.php file

  • First, connect to your site's server and find the wp-config.php file.
  • Then go to the WordPress.org salt generator. This page will randomly generate a set of WordPress salts and security keys.
  • Then open the wp-config.php file. Delete the previous 8 keys and replace them with the new ones.


That's it: you have successfully changed the security keys and the WordPress salts.
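
The replacement step above can also be scripted. The following Python script is an added example, not part of the original article: it generates the eight values locally from the operating system's random source instead of fetching them from the WordPress.org generator, and rewrites the matching define() lines. The function names and the sample configuration are assumptions constructed for illustration.

```python
import re
import secrets

# The eight constants in wp-config.php: four security keys, then four salts.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

# Printable ASCII without quote and backslash characters, so a value can never
# terminate or escape out of the single-quoted PHP string it is written into.
ALPHABET = "".join(c for c in map(chr, range(33, 127)) if c not in "'\"\\")


def new_secret(length=64):
    """Return a random value drawn from the OS CSPRNG (hypothetical helper)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Replace all eight define() lines; raise if any of them is missing."""
    missing = []
    for name in KEY_NAMES:
        pattern = re.compile(
            r"^[ \t]*define\([ \t]*['\"]" + name +
            r"['\"][ \t]*,[ \t]*(['\"]).*?\1[ \t]*\);[ \t]*$", re.M)
        line = "define( '%s', '%s' );" % (name, new_secret())
        # A function replacement keeps re from interpreting the new value.
        config_text, count = pattern.subn(lambda m: line, config_text, count=1)
        if count == 0:
            missing.append(name)
    if missing:
        # Nothing is returned, so a partially rotated file is never written.
        raise ValueError("not found in config: " + ", ".join(missing))
    return config_text


# Constructed sample input (not a real site's configuration).
SAMPLE_CONFIG = "<?php\ndefine( 'DB_NAME', 'example_db' );\n" + "".join(
    "define( '%s', 'put your unique phrase here' );\n" % n for n in KEY_NAMES
) + "$table_prefix = 'wp_';\n"

if __name__ == "__main__":
    print(rotate_salts(SAMPLE_CONFIG))
```

Changing these values invalidates existing login cookies, so every user has to log in again afterwards. Keep a backup of wp-config.php before writing the new text over it.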

2. With the help of a free plugin

You can install a popular plugin named Salt Shaker that will do the work for you.
First, install and activate the plugin.
After you install the plugin, go to Tools > Salt Shaker.



You can change the salts either manually or on a schedule. If you want to change your salts manually, click on the Change Now button. Or, use the Scheduled Change button to change the salts on one of the following schedules:

  • Daily
  • Weekly
  • Monthly
  • Quarterly
  • Biannually

This is how you can change the WordPress salts and security keys.
