WordPress Salts keys or authentication keys can enhance the security of your site by adding an extra layer of protection to your login credentials.

If you already have a WordPress website, you must know your user name and password and other people visit your site. But what if your site is hacked?

Don’t worry, WordPress Salts keys can effectively avoid this crisis.

This article will teach you how WordPress Salts keys work and how to use them.

What are WordPress Salts keys?

A WordPress Salts key or authentication key is a random data string containing eight variables used to encrypt credentials. They have been added to your password to further protect your WordPress login information. This ensures that your password is protected from brute force and hack-like attacks.

WordPress Salts keys are stored in wp-config.phpfiles in the root directory of your WordPress website. As shown in the below picture.

Wordpress salts keys
WordPress salts keys

When you log in to the dashboard, multiple cookies (ie, wordpress_[hash]and wordpress_logged_in_[hash]) containing login information is created and stored in your browser.

With a WordPress Salts key, your login details will be hashed, which means they will be encrypted with a random string sequence.

In short, every time you enter sensitive data (such as username and password), the WordPress Salts key regenerates the plain text used as the password into randomly encrypted text.

How do I change the WordPress Salts key?

If you frequently log in to your website from your own or public computer, it is best to change your WordPress Salts key frequently as this will reduce the risk of compromised login credentials.

Even though WordPress Salts keys can already help you protect your WordPress website, changing them regularly is an effective way to enhance your website’s security.


Whenever you change or regenerate the key, you and all users logged into your site are automatically logged out. However, after changing the WordPress Salts key, you can still log in to your site. So if you are suspected of being hacked, you can log out all users at the same time by changing the Salts key.

There are two ways to change your WordPress Salts keys:

Method 1: update manually

Visit https://api.wordpress.org/secret-key/1.1/salt/ directly, you can get the new Salts key, copy and paste to replace the wp-config.phpwith the new one. Every time you go this link to get new Salts keys.

Wordpress salts keys
salts keys

Method 2: WordPress salt key generator plugin

Salt Shaker is a free WordPress security plugin for automating the regeneration of Salts keys. Therefore, you can modify the default variables for Salts keys without coding.

Once it’s installed and activated, just set it up from the ” Tools” page in the WordPress administration backend.

screenshot 1
Salt shaker

You only need to select the interval to change the frequency of the automatic authentication key. You can create schedules daily, weekly, monthly, quarterly, or annually. After setting the interval, your WordPress Salts key will be automatically updated.

However, if you need to change them immediately or at any time, just click the Change Now button.

to sum up

As you can see, the WordPress Salts key is very important for protecting your website as it can provide additional protection for your website login credentials.

You can manually change your site’s Salts keys at any time. Of course, changes can also be made through the Salt Shaker plugin, and scheduled updates can be set.

Leave a Reply