Improving WordPress Website Security by using Security Keys and Salts

Tutorials WordPress

Keeping your WordPress Website secure will help to minimize threats from attackers.

Here at Fixwebnode, as part of our Website Support Services, we regularly help our Customers to Optimize their website for Speed and to improve the Search Engine Optimization.
In this context, we shall look into how to secure your WordPress Website with security keys and salts.

More about Security keys and Salts in relation to your WordPress Website.

From WordPress version 2.7, the security has been enhanced with an additional four security keys to make your website more secure. The security keys aims at encrypting data securely which is stored to the website cookies.
This data stored in the cookies helps the website to identify your computer system in the process of logging into your WordPress Website of any registered user.
Additionally, in cases where an attacker launches a threat against the Website, with the help our the cookies it will be impossible for the attacker to compromise your website.
The Security keys are stored in the file "wp-config.php" located at the root directory of your WordPress Website. Therefore it is very important to set it up correctly.

How to set up the Security Keys and Salts automatically on WordPress?

So if you are using cPanel control panel, you can configure the Security keys via the "wp-config.php"  as stated before.
Start by logging into your cPanel and once logged in, navigate to the File Manager.
Now open the file "config.php" which will look like this;
/** * Authentication Unique Keys and Salts.  


    * Change these to different unique phrases!

    * You can generate these using the  

    * {@link secret-key service}       

    * You can change these at any point in time to invalidate all existing cookies.  

    * This will force all users to have to log in again.


    * @since 2.6.0  


define('AUTH_KEY',         't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|');

define('SECURE_AUTH_KEY',  'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj');

define('LOGGED_IN_KEY',    'MGKi8Br(&{H*~&0s;{k0<S(O:+f#WM+q|npJ-+P;RDKT:~jrmgj#/-,[hOBk!ry^');

define('NONCE_KEY',        'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe');

define('AUTH_SALT',        '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G');

define('SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #');

define('LOGGED_IN_SALT',   'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i');

define('NONCE_SALT',       'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%');

Note that the above code is random and it depends on your WordPress Installation.

How to set up Security keys and Salt manually on WordPress?

TO start, follow the steps below;
i. Go to the Official WordPress Salt source at
ii. Then, copy the randomly generated code to your WordPress "wp-config.php" file. This will change the way in which WordPress encrypts cookie data for users.

Need support in Optimizing your WordPress Website? We are available to help you today.



Security keys to help make your WordPress site more secure. This guide will help you to configure and enhance your WordPress Website with Security Keys and Salts.

Your Cart