Replace Security Keys – aka Salts

July 21, 2021

WordPress Security Replace Security Keys – aka Salts

Video Transcript

This class is going to show you how to add and or change the WordPress security keys, also known as salts.

Most installation methods automatically create these for you. But the purpose of this lesson is to make you aware of them, show you where they are, and how to change them. If you need to. Now I’m already logged into my admin area, let’s head on over there just to show you know, when refresh, okay, so everything’s good, we’re working fine. And to access and or change the salt, you’re gonna need to log into your control panel. And in this instance, I’m going to be using cPanel.

And you want to navigate to the file manager, go to the root directory of your WordPress installation, and in my case, it’s public underscore HTML, look for the config dot php file here and need to right click or selected and then click on Edit, or right click and then click on edit in the pop up want to scroll down just a little bit. And right here where it says define on several different lines, then you’ve got the auth, key, secure, auth key, login key, and so on.

These are your security keys or salts. And just above that right up here, where it says changed these two different unique phrases. That’s what they’re calling these salts are phrases. And there’s a random bunch of characters. But if you ever suspect you’ve been hacked, this is one of the first things you should do, because this will automatically block everybody out, including those individuals or bots that have hacked your site. So let’s head on over to wordpress.org where we can generate some of these keys, go and copy that to my clipboard. Like it says here, you can change these at any point in time to invalidate all existing cookies. And this will force all users to log in again, pretty much what I just said. And here we are. This is a brand new set of those keys, everything from define all the way to the end, and you want to copy all this stuff.

And if for some reason you don’t feel comfortable with this particular set, then just refresh. It’ll keep generating new ones each time you hit the refresh key on your browser. So I’m going to go ahead and copy all this to my clipboard. Come on back into my config dot php file. And we’re going to put my cursor at the very front of the first define. And then I’m going to highlight everything all the way down to that last semicolon. And with everything selected, I’m going to right click and paste, basically overriding the original stuff, then come up and click on save changes. Now that saved come back to my dashboard and refresh. You can see that it has logged me out and that’s what we’re looking for.

And that’s gonna bring us to the end of this class on securing your WordPress site with a new set of security keys, also known as salts. Thanks for checking it out and you have a great day.

Previous Lesson

Back to Course

Next Lesson

Replace Security Keys – aka Salts

Lessons in This Course

Why Hack My Site?

Computer Security

Secure Hosting

Managed Hosting

Secure Auto Install Using cPanel

Secure Manual Install Using cPanel

Monitor Site – Uptime

Backup Plugins

Manual Backup

Security for PHP

Remove User 1

Username Trickery

Hide Admin Username

Hide Any Username

Hide Database Prefix – Method 1

Hide Database Prefix – Method 2

Replace Security Keys – aka Salts

Secure Config PHP file

Customize Log-in Error Message

Brute Force Attacks and Solutions

Remove WordPress Version Number

Has Your Site Been Hacked?

Hacked Site Cleanup

What to do After Cleanup

Site Health Tool

The Good and Bad of Plugins and Themes