What are WordPress Security Keys and Why you should add them in wp-config.php?

Updated on September 2, 2017

WordPress Security Keys will make your website tough to hack. These security keys were introduced in WordPress version 2.6. The security keys are randomly generated variables that encrypts the information stored in user’s cookie. For instance, the passwords like “wordpress” or “test123” are simple and can be easily broken. A random generated, long passwords such as “6ht78sh13hfrrtngghl219465hg” are really tough to crack. Along with these security keys, ‘salt’ has been used to improve the security of your WordPress.

Security Keys AUTH_KEYSECURE_AUTH_KEY, and LOGGED_IN_KEY were introduced in version 2.6 that ensures encryption of information stored in user’s cookies. WordPress introduced another key NONCE_KEY in version 2.7. Along with security keys, salts were added : AUTH_SALT,SECURE_AUTH_SALTLOGGED_IN_SALT, and NONCE_SALT.

Here’s an example of security keys,

define('AUTH_KEY',         't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|');
define('SECURE_AUTH_KEY',  'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj');
define('LOGGED_IN_KEY',    'MGKi8Br(&{H*~&0s;{k0<S(O:+f#WM+q|npJ-+P;RDKT:~jrmgj#/-,[hOBk!ry^');
define('NONCE_KEY',        'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe');
define('AUTH_SALT',        '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G');
define('SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #');
define('LOGGED_IN_SALT',   'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i');
define('NONCE_SALT',       'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%');

Note: You should not use the above example. Generate your own unique keys.

How to generate unique security keys and add them to WordPress?

Step 1: Head on to WordPress security keys generator.

Step 2: The wordpress will generate unique random security keys for you.

Step 3: Copy everything and paste it in wp-config.php file under ‘ Authentication Unique Keys’ section.

That’s it. If you have logged-in to WordPress admin panel, then you’ll be asked to login again.

How can i remember this random security keys?

You need not remember. The security keys can be re-generated anytime using the above said procedure and can be added to wp-config.php anytime at the cost of logout. It means, you will have to login again to the wordpress.

Now read: WordPress Security Tips.

Was this article helpful?

Related Articles

Leave a Comment