Add Security, Salt Keys for User Cookie Encryption in WordPress

It's like having Evelyn Salt guard your Blog! ... Almost...

[This post is part of the Ultimate Guide to Launching a WordPress-Powered Blog series.]

After installing WordPress initially there are more than a few things that you’ll want to do to increase the security of your blog installation and one of them is adding the 8 Secret (or Security and Salt) Keys into your wp-config.php file.

These 8 keys were introduced by WordPress to help better encrypt the information stored in the user’s cookies. Not sure what a “cookie” is? Here’s a good definition:

A cookie, also known as a web cookie, browser cookie, and HTTP cookie, is a piece of text stored on a user’s computer by their web browser.

A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data.

And yes, WordPress uses cookies so it’s better to upgrade their security settings, right? What does this mean practically and in layman’s terms? It means:

  • Your blog is harder to hack.
  • The access to your blog via scripts and malicious people is made much more difficult.
  • The randomly-generated security key can take years to hack. Combined with a “salt” key, it’s very tough to beat!

Not sure what any of this actually means? That’s fine! You’re still going to want to do it, and it’s not too hard.

Here we go:

1. Generate Random Keys

This part is easy: Go to WordPress’ own online generator found here and copy this information into a text pad:

Got them? Great.

2. Paste Keys into wp-config.php

Using your favorite FTP application (here are my favorites) you’ll want to find your wp-config.php file located in the root of your WordPress installation:

Open the wp-config.php file and it should look something like this:

Now just copy and paste the keys that the online generator created for you into this file like so:

Then save your file and you’re done! You can now rest a little more easy knowing that you’ve made a significant improvement to the security of your WordPress blog!

Well done!

[This post is part of the Ultimate Guide to Launching a WordPress-Powered Blog series.]

Published by

John

Hacker. Human.