If you want to greatly increase the security of your WordPress site, here’s an easy technique for you to employ. Although it’s been around since version 2.6, we see it rarely used by site owners and it’s worth revisiting.
When you log into WordPress a cookie is created. A cookie is a little bit of data that can help do a number of important tasks including keeping track of who is logged in and who’s not. Some personal and private information may stored inside the cookie including your username, time of your login and the site’s URL. A hacker may attempt to crack your cookies and run automated software to attempt various common password combinations; if they get it right they’ll have access to your site and will exploit it at will.
You can dramatically increase the security of your cookies, making them much harder to crack, simply by creating secret keys. Once you create these keys you won’t need to remember or keep track of them making this a pain-free technique and one you can accomplish in 5 minutes. WordPress has four secret keys that you’ll create:
NONCE_KEY and 4 SALTS that are optional. Let’s get started.
FTP to your web server and open
wp-config.php. Scroll down to line 45 and find this:
You’ll be putting your keys where it says ‘put your unique phrase here’. Be sure to keep single quote marks around your keys.
Automatically generate unique, random keys by visiting https://api.wordpress.org/secret-key/1.1/salt/.
Copy and paste into
wp-config.php, then save your file back to the server.
You may have noticed that the keys shown here don’t match the ones generated above, this is an example only
That’s it! Although there are a million ways to get hacked, you just prevented a big one.