5 Minute Security Upgrade: Set your secret keys

If you want to greatly increase the security of your WordPress site, here’s an easy technique for you to employ. Although it’s been around since version 2.6, we see it rarely used by site owners and it’s worth revisiting.


When you log into WordPress a cookie is created. A cookie is a little bit of data that can help do a number of important tasks including keeping track of who is logged in and who’s not. Some personal and private information may stored inside the cookie including your username, time of your login and the site’s URL. A hacker may attempt to crack your cookies and run automated software to attempt various common password combinations; if they get it right they’ll have access to your site and will exploit it at will.

Cookie Security

You can dramatically increase the security of your cookies, making them much harder to crack, simply by creating secret keys. Once you create these keys you won’t need to remember or keep track of them making this a pain-free technique and one you can accomplish in 5 minutes. WordPress has four secret keys that you’ll create: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY and NONCE_KEY and 4 SALTS that are optional. Let’s get started.

Step 1

FTP to your web server and open wp-config.php. Scroll down to line 45 and find this:

You’ll be putting your keys where it says ‘put your unique phrase here’. Be sure to keep single quote marks around your keys.

Step 2

Automatically generate unique, random keys by visiting https://api.wordpress.org/secret-key/1.1/salt/.


Copy and paste into wp-config.php, then save your file back to the server.

config-keyYou may have noticed that the keys shown here don’t match the ones generated above, this is an example only

That’s it! Although there are a million ways to get hacked, you just prevented a big one.

Leave a Reply

Your email address will not be published. Required fields are marked *

See if Cinch is right for you.

Ask us anything. Seriously. Like, what is the air speed velocity of an unladen swallow?

Start a chat right now

Or go ahead and Sign up now