When it comes to website security, your login page is one of your first lines of defense. The majority of people (and bots) who try and break into your site will do so through this one page.<\/p>\n\n\n\n
The strength of your password is the number-one factor that determines what kind of defense your login page puts up. Stronger passwords<\/a> are harder for attackers to crack, but you can further protect your password from hackers by using SALT keys. <\/p>\n\n\n\n In this article, we\u2019ll discuss what WordPress SALT keys are and why you should use them on your site. We\u2019ll then show you how to generate new SALT keys, both manually and by using a plugin. Let\u2019s get started!<\/p>\n\n\n\n\n\n SALT keys are a cryptographic tool used to secure your website\u2019s login page by “hashing” your password. This scrambles the password into a meaningless string of characters that\u2019s even harder for attackers to crack.<\/p>\n\n\n\n WordPress comes with SALT keys<\/a> by default, and they are located in your site\u2019s wp-config.php<\/em> file. These SALTs are random strings of data that protect the four security keys WordPress uses. <\/p>\n\n\n\n When you log in to WordPress, you have the option to remain logged in long term. To achieve this, WordPress stores your login data in cookies instead of in a PHP session<\/a>. Malicious individuals can hijack your cookies through various means, leaving your website vulnerable. <\/p>\n\n\n\n To make it harder for attackers to use cookie data, you can take advantage of SALT keys. WordPress SALT keys encrypt your password, making it harder to guess. What\u2019s more, it\u2019s next to impossible for hackers to simply “unscramble” the result in order to get at the original password.<\/p>\n\n\n\n While SALT keys make passwords harder to crack, they are not invincible. This is why you should change your SALT keys periodically, making it even harder for attackers to break them. To change your website\u2019s SALT keys, you can use a plugin or a manual method.<\/p>\n\n\n\n To change your SALT keys, you\u2019ll need to generate new keys first. The easiest method is to use a plugin, but you can also generate SALTs manually. Below, we\u2019ll look at both techniques.<\/p>\n\n\n\n Salt Shaker<\/a> is a free WordPress plugin that enables you to automatically generate and change WordPress SALT keys:<\/p>\n\n\n\n You can download and activate the plugin via the WordPress Plugin Directory, or in your dashboard\u2019s Plugins<\/em> page.<\/p>\n\n\n\n After activating the plugin, navigate to Tools<\/em> > Salt Shaker<\/em>, where you will find all of its settings:<\/p>\n\n\n\n You will need to check the box to automate SALT key generation and changes.<\/p>\n\n\n\n After enabling automatic SALT changes, you\u2019ll need to choose their frequency. Using the drop-down menu, select how often you want the SALT keys to update: <\/p>\n\n\n\n The frequency you choose will depend on your website\u2019s needs. The more sensitive data you handle, the more often you\u2019ll want your SALT keys to change. However, daily changes are generally considered overkill for most websites. <\/p>\n\n\n\n After choosing your frequency, click on the Change Now<\/em> button. This will save your settings and start the automated process.<\/p>\n\n\n\n To change your SALT keys only once, you should first deselect the checkbox. You can then hit the Change Now<\/em> button.<\/p>\n\n\n\n If you don\u2019t want to use a plugin, you can manually generate and change your SALT keys instead. To do this, you\u2019ll use the WordPress SALT keys API<\/a> to generate new keys for your website:<\/p>\n\n\n\n All the keys you need will be automatically generated. You\u2019ll just need to replace them in the wp-config.php<\/em> file. You can copy the entire generated code, or copy each key individually.<\/p>\n\n\n\n To replace your SALT keys, you will need to open the wp-config.php<\/em> file for your website. Remember to back up your site<\/a> before doing this, and use a staging environment<\/a>.<\/p>\n\n\n\n You can use a File Transfer Protocol (FTP) client<\/a> to navigate to the root directory of your website, and locate wp-config.php<\/em>. When opening the file, you should use the View\/Edit<\/em> option in your FTP client. <\/p>\n\n\n\n After opening your wp-config.php<\/em> file, you\u2019ll need to locate the \u201cAuthentication Unique Keys and Salts\u201d section:<\/p>\n\n\n\n The SALT keys in the file are your current ones, and you need to replace them with your newly-generated keys. When pasting in the new keys, be careful to not change any other parts of this file. <\/p>\n\n\n\n After replacing the SALT keys, you\u2019ll need to save your changes to the file and close it. Your FTP client will generally ask if you want to replace your existing file with the new version. Choose \u201cYes\u201d, and you\u2019re all done.<\/p>\n\n\n\n WordPress SALT keys add an extra layer of protection to your passwords, but attackers can crack them given enough time. You can halt any progress they have made by changing your SALT keys periodically.<\/p>\n\n\n\n The frequency of this change will vary depending on the traffic to your website. Daily and weekly changes are generally considered too frequent for most websites. On the other hand, biannual or annual changes may be too infrequent if you have a high-traffic website. The sweet spot is to change your SALT keys every month or quarter.<\/p>\n\n\n\n WordPress SALT keys are an invaluable addition to your website. However, they are not invincible, and changing them provides you with the best protection. You can change these keys manually using the WordPress SecretKeys API<\/a>, or with a plugin like Salt Shaker<\/a>.<\/p>\n\n\n\n You can also boost the security of your website by using the right web host. This leaves you with more time to focus on website development<\/a>. WP Engine’s secure WordPress hosting<\/a> can offer you this advantage and more. <\/p>\n\n\n\n Check out our plans<\/a> and resources if you want to create your next website on a highly performant WordPress hosting<\/a> platform!<\/p>\n","protected":false},"excerpt":{"rendered":" When it comes to website security, your login page is one of your first lines of defense. The majority of people (and bots) who try and break into your site will do so through this one page. The strength of your password is the number-one factor that determines what kind of defense your login page…<\/span><\/span><\/p>\n","protected":false},"author":1,"featured_media":147755,"template":"","resource-topic":[912,909],"resource-role":[895,896,899],"resource-type":[916],"class_list":["post-102985","resource","type-resource","status-publish","has-post-thumbnail","hentry"],"yoast_head":"\nWhat are SALT Keys in WordPress?<\/h2>\n\n\n\n
Why Use SALT Keys in WordPress?<\/h2>\n\n\n\n
How Do I Change My SALT Keys in WordPress?<\/h2>\n\n\n\n
How to Generate New SALT Keys: 2 Methods<\/h2>\n\n\n\n
Method 1: Using a SALT Key Plugin<\/h3>\n\n\n\n
Step 1: Download the Plugin<\/h4>\n\n\n\n
Step 2: Enable Automatic SALT Changes<\/h4>\n\n\n\n
Step 3: Select the Change Frequency<\/h4>\n\n\n\n
Step 4: Save Your Changes<\/h4>\n\n\n\n
Method 2: Manually Changing Your SALT Keys<\/h3>\n\n\n\n
Step 1: Navigate to the SALT keys API<\/h4>\n\n\n\n
Step 2: Open Your wp-config.php<\/em> File<\/h4>\n\n\n\n
Step 3: Replace the SALT Keys<\/h4>\n\n\n\n
Step 4: Save Your Changes<\/h4>\n\n\n\n
How Often Should I Change my SALT Keys?<\/h2>\n\n\n\n
Keep Your Site Safe With WP Engine<\/h2>\n\n\n\n