What Are WordPress Security Keys

Looking for a way of making WordPress more secure? Then you might want to look into WordPress security keys. This is a technology added in WordPress 2.7 that makes it harder to crack your password. Since its introduction, it has been improved upon so it is a good idea to make sure your wp-config.php file is rocking this to make your website more secure.

How to Enable to WordPress Security Keys

The first thing you will need to do is grab the wp-config.php file from your WordPress installation. This can be done via cPanel‘s file manager or via your favorite FTP program. The wp-config.php file is located in your WordPress root folder.

Open the wp-config.php file in a text editor and scroll down until you see “Authentication Unique Keys” mentioned. They will look something like this:

  • define(‘AUTH_KEY’, ‘put your unique phrase here’);
  • define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
  • define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
  • define(‘NONCE_KEY’, ‘put your unique phrase here’);
  • define(‘AUTH_SALT’, ‘put your unique phrase here’);
  • define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
  • define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
  • define(‘NONCE_SALT’, ‘put your unique phrase here’);


Now, all you need to do is copy and replace your own unique keys into your wp-config.php file.

Where can you get your own unique set of secret keys? Use the generator:


that WordPress provides on their website.

Once you have made the changes and replaced the secret key information, re-upload your wp-config.php file back into your WordPress root folder. WordPress is now a little more secure.

Why Doesn’t WordPress do This by Default?

WordPress actually does handle this out of the box. WordPress will generate its own keys, and store it in the options table in the database. However, this is not as secure as generating your own secret keys.

Your doomsday scenerio would be like this. Maybe a hacker has access to your databases but not your files. If you did not set your security keys in your wp-config.php file – the hacker could see these vaules within your WordPress database. This would make it just that much easier for a hacker to get complete access to your WordPress powered website.

Remember, there is no need for you to remember your security keys. Once they have been added to your wp-config.php file – you are done. If needed, you can always replace the security keys with a newly generated set of keys. There will be no impact to your website.

WordPress security keys are one more option you have as a WordPress webmaster to secure your blog. There is no doubt that you should use the WordPress security keys to increase the security of your WordPress powered website.

1 thought on “What Are WordPress Security Keys”

  1. I changed my keys using for each a randomly generated 69 digit key. I saved the file, then tried to access the site. Apache was running, but the site wasn’t available. I had to remove them in order to get the site backup. What am I missing? Is the 69 digit to many? This is an existing install that has been up for a couple years. Thanks in advance.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.