Ever since WordPress 2.6.0, there are keys and salt for authentication in your wp-config.php file. They look something like this:
define('AUTH_KEY', '43.%Qo~})0$uH}jn_vD@|@?XB3p&q.b|#Li3PLJvLD&&J|t`T7oMq]5&{r$c+fr2');
define('SECURE_AUTH_KEY', 'bk3i}wgjp2@;NIz4L>14;{m@tB/bql;)Kl<cJm8P}|F;S>(+pJWPp&^U4SMz$PZ8');
define('LOGGED_IN_KEY', 'DS(v +H[dZe]bm6kFvOlu!J7LJ)?c%^qC:|2A=_zixkw`o(TT%:G?t ?_-sX7<rp');
define('NONCE_KEY', '[t%`YC7lhO[L&sIA43/:-7>ZaJP`{m2CL-+JTGPCau#>Xqng~~.*J56j{Sxh>&KD');
define('AUTH_SALT', 'X;Y:h9.`H@he$]<fNHu2xx;2J%UN~7K%[F%4y*3,G8l[,c(SwkDxi-[ +-f}[To~');
define('SECURE_AUTH_SALT', 'bq- r~2>J`!18ei/|ZGzY0hyNMxC-Be;x3lVZnGS!V>o+.>rV*ab*r|@x,]e`d#D');
define('LOGGED_IN_SALT', '8nwkt|TD2:~lkE;8q{6hXw#=3+Xz!f)+.nvs:@(g-0Sr]f`i)meWiF*vsOGL#|9]');
define('NONCE_SALT', 'XT`ejK<~|otmbqu )[w[vI=g),D+[Y=KWm@u4n=Ay_[b4YT,aTqiAmCGPAHbkt)T');
You can set these to whatever you’d like, but if you’re like me, you are not really that interested in what these actually are as long as they are long enough and sufficiently random. Instead of figuring out your own method of randomizing, WordPress has a tool set up for you to automatically regenerate these. Simply load up https://api.wordpress.org/secret-key/1.1/salt/ in your browser, and you will have a new set of keys and salt, generated and already formatted for easy pasting into your wp-config.php file. Very handy.
This is especially handy if you may have someone logged into your site that you no longer want to have access. For instance, firing an employee with access to your WordPress site, but need to keep their username active in WordPress? Go in and change the password for their user, and then reset the authentication keys and salt in the config file. This will log everyone out (so warn the rest of your users), and force them to log back in again. if the fired employee tries to log back in, their password has been changed so they won’t be able to.
*Note, this is just an idea, not a recommended security practice. I am not a security expert.
Hey there! I just wanted to ask if you ever have any trouble with hackers?
My last blog (wordpress) was hacked and I ended up losing months of hard work due to no back up.
Do you have any solutions to protect against hackers?
There are a lot of good things to do to protect against hackers. Watch for a future blog post on this as it will take some time to put them all together.
Thanks for finally writing about >Update WordPress Authentication Unique
Keys and Salt – A Little of Both <Loved it!
awesome
It’s a pity you don’t have a donate button! I’d without a doubt donate to this excellent blog!
I suppose for now i’ll settle for bookmarking and adding your
RSS feed to my Google account. I look forward to new updates and will share this
blog with my Facebook group. Chat soon!
I would be very happy if you took anything you would have donated to me and instead, donate it to your local user group or PHPWomen (http://phpwomen.org/). Thank you!