{"id":15912,"date":"2020-11-14T17:00:06","date_gmt":"2020-11-14T16:00:06","guid":{"rendered":"https:\/\/qodeinteractive.com\/magazine\/?p=15912"},"modified":"2020-11-13T13:45:56","modified_gmt":"2020-11-13T12:45:56","slug":"change-wordpress-salt-keys","status":"publish","type":"post","link":"https:\/\/qodeinteractive.com\/magazine\/change-wordpress-salt-keys\/","title":{"rendered":"How to Automatically Change WordPress Salt Keys"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column][vc_column_text]Maintaining the security of a website should be one of the top priorities of every WordPress owner. Steps for doing so include regularly updating the WordPress Core, plugins, and themes, as well as choosing a trusted hosting provider, and not using any weak passwords. With passwords, specifically login ones, WordPress uses an additional layer of protection called salt keys to shield them. WordPress salt keys play an important role in securing a site, but most WordPress users know very little about them.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]In this article, we\u2019ll take a closer look at the topic of WordPress salt keys, and we\u2019ll answer the following questions:<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#what-are-wordpress-salt-keys\">Understanding what WordPress salt keys are<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#changing-salt-keys-using-wordpress-plugin\">Changing salt keys using a WordPress plugin<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#changing-salt-keys-manually-via-ftp\">Changing salt keys manually via FTP<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"what-are-wordpress-salt-keys\"><\/a>Understanding what WordPress salt keys are<\/h2>\n<p>[\/vc_column_text][vc_column_text]When a user logs into a WordPress website using their login credentials, they can choose whether to remain logged in. If you do, this information is then stored in cookies, to make staying logged in possible. But, even though this is quite convenient, it\u2019s a potential danger if the cookies are exposed. As such, WordPress uses a combination of salts and authentication\/security keys to secure WordPress login information.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]A WordPress security key is created by transforming your password into a long, random, alpha-numerical variable. And if anyone discovers the variable, it is nearly impossible to figure out the original password from it.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]WordPress salt keys (or salts) are elements used in cryptography. They work by <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cryptographic_hash_function\" target=\"_blank\" rel=\"noopener noreferrer\">hashing<\/a> the corresponding security keys into random strings of alphanumeric characters. This makes them an essential feature for information security. They are present in all kinds of applications, and salts are even used to sign your website\u2019s cookies. As such, you should never disclose your WordPress security keys and salts as, with them, some malicious users could decipher your password and possibly endanger your website.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]WordPress salts and security keys are located in the wp-config.php file, within the <em>Authentication Unique Keys and Salts<\/em> section. There are four security keys, followed by four corresponding salts.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"374\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salts-and-Security-Keys.jpg\" class=\"attachment-full size-full\" alt=\"Salts and Security Keys\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salts-and-Security-Keys.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salts-and-Security-Keys-300x160.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salts-and-Security-Keys-620x331.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Every new WordPress installation comes with its own unique set of security keys and salts. This ensures the security of a default WordPress installation. However, there are various reasons why you should change them periodically.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]First, by doing so, you are actively working to prevent malicious actions against your website. For example, every time you change your salts and security keys, all logged-in users will be logged out. So, if you accessed your WordPress dashboard using a public computer recently and, accidentally, remained logged in, changing your salts and keys is highly advisable as it will forcefully log you out. And if you suspect that your security has been breached by hackers, you should change your salts and security keys. This will log out anyone that has access, and you can later advise all your users to <a href=\"https:\/\/qodeinteractive.com\/magazine\/recover-wordpress-password\/\">change their passwords<\/a>. Please note, changing your salts and keys is NOT the same as changing your WordPress login password.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Given that there are so many benefits to being able to change WordPress salts and security keys, it\u2019s unfortunate that there isn\u2019t any built-in way to change them within WordPress. But, that\u2019s what we\u2019re here for\u2014to guide you when you have to step off the beaten path. So, let\u2019s move on to the how-to\u2019s of this article and see what approaches you can take.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;80px&#8221;][vc_widget_sidebar sidebar_id=&#8221;new-top-picks-banner&#8221;][vc_empty_space height=&#8221;81px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\">How to change WordPress salt and security keys<\/h2>\n<p>[\/vc_column_text][vc_column_text]You can change WordPress salts and security keys either using an appropriate WordPress plugin or by manually editing the wp-config.php file. We will show you both methods in this article, and you can decide which one to use. You\u2019ll see from the instructions below that both are quite easy.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\"><a id=\"changing-salt-keys-using-wordpress-plugin\"><\/a>Changing salt keys using a WordPress plugin<\/h3>\n<p>[\/vc_column_text][vc_column_text]Thanks to WordPress and various third-party developers, there is a multitude of plugins you can install for various purposes. In the case of changing WordPress salts and security keys, you can take a look at some of the available <a href=\"https:\/\/wordpress.org\/plugins\/search\/security\/\" target=\"_blank\" rel=\"noopener noreferrer\">security plugins<\/a>. They will most likely have suitable options for changing your salts and keys, and it\u2019s helpful to examine them first as most users have some kind of security plugin already installed. Alternatively, you can try to look for plugins built specifically for changing WordPress salts and security keys. For this article, we have chosen to show you the latter. The plugin we will be using in our examples is the <a href=\"https:\/\/wordpress.org\/plugins\/salt-shaker\/\" target=\"_blank\" rel=\"noopener noreferrer\">Salt Shaker plugin<\/a>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]After <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-install-a-wordpress-plugin\/\">installing the plugin<\/a>,<strong> navigate to Tools &gt; Salt Shaker<\/strong>. To change the security and salt keys, simply <strong>press the <em>Change Now<\/em> button<\/strong>. This will immediately change the keys for you.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<strong>If you want to enable automated changes, you should tick the checkbox under the <em>Scheduled Change:<\/em> section before pressing the <em>Change Now<\/em> button<\/strong>. You can also choose how often the automated keys change should occur: daily, monthly, quarterly, or biannually.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"374\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salt-Shaker.jpg\" class=\"attachment-full size-full\" alt=\"Salt Shaker\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salt-Shaker.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salt-Shaker-300x160.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salt-Shaker-620x331.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]After pressing the <em>Change Now<\/em> button, you will see the following success message:<em> Keys have been updated, you\u2019ll be redirected to the login page in a few seconds.<\/em> Then you will be logged out and redirected to the WordPress login page.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"374\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salt-Shaker-2.jpg\" class=\"attachment-full size-full\" alt=\"Salt Shaker\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salt-Shaker-2.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salt-Shaker-2-300x160.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/Salt-Shaker-2-620x331.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;82px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\"><a id=\"changing-salt-keys-manually-via-ftp\"><\/a>Changing salt keys manually via FTP<\/h3>\n<p>[\/vc_column_text][vc_column_text]As this method requires <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-use-ftp\/\">the use of FTP<\/a>, we advise brushing up on your knowledge of it before proceeding. Also, you should <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-backup-wordpress-files\/\">make a backup of your WordPress files<\/a>, just in case. It\u2019s best not to take any chances with your site since this method requires you to edit the wp-config.php file. When you have everything ready, you can proceed as described below.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]First, <strong>connect to the server<\/strong> using your FTP credentials and <strong>navigate to your root WordPress directory<\/strong>, often called public_html. <strong>Find the wp-config.php file<\/strong> within, <strong>right-click on it<\/strong> and <strong>select the <em>View\/Edit<\/em> option<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"480\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP.jpg\" class=\"attachment-full size-full\" alt=\"FTP\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-300x206.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-620x425.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]<strong>Open the file<\/strong> using your preferred text editor and <strong>locate the part with your authentication and salt keys.<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"374\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-2.jpg\" class=\"attachment-full size-full\" alt=\"FTP 2\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-2.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-2-300x160.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-2-620x331.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Then, <strong>delete those keys<\/strong> and <strong>navigate to the <a href=\"https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/\" target=\"_blank\" rel=\"noopener noreferrer\">salt keys generator<\/a><\/strong>, provided by WordPress.org.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"374\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-3.jpg\" class=\"attachment-full size-full\" alt=\"FTP 3\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-3.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-3-300x160.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-3-620x331.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]<strong>Copy the code from that page<\/strong> and <strong>paste it into the wp-config.php file<\/strong>, in the same place where the old keys were located.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"374\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-4.jpg\" class=\"attachment-full size-full\" alt=\"FTP 4\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-4.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-4-300x160.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/11\/FTP-4-620x331.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Afterward, <strong>save the changes<\/strong> you made and <strong>upload the file back to your server<\/strong>. This will override the file with the old keys that is currently on your server.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]As we mentioned before, after changing the WordPress salt keys you will be logged out of your admin dashboard and redirected to the login screen. So, you will need to <strong>log in with your credentials to continue managing your WordPress website<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\">Final Thoughts<\/h2>\n<p>[\/vc_column_text][vc_column_text]WordPress salts and security keys represent a way of securing website login passwords against potential hackers. Even though they are set by default when a website is created, we advise periodically changing them. To do so, you can use either of the two methods we outlined in this article. Keep in mind that changing the WordPress salt keys will log you out of your WordPress dashboard, as the change invalidates any stored website cookies. And don\u2019t forget to notify any users you have so they can log back in and change their passwords if necessary.<br \/>\n[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>WordPress salt keys are one of the essentials of ensuring your site security is tight. If yours have been compromised, learn how to change them quickly.<\/p>\n","protected":false},"author":11229,"featured_media":15990,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[34,4,13],"class_list":["post-15912","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-security","tag-tips","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/15912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/users\/11229"}],"replies":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/comments?post=15912"}],"version-history":[{"count":0,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/15912\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media\/15990"}],"wp:attachment":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media?parent=15912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/categories?post=15912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/tags?post=15912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}