Since WordPress 2.7, four security keys have been added to help make your WordPress site more secure. These security keys help encrypt the data that is stored in the cookies, which is data that helps WordPress identify your computer as one that is logged into your WordPress website as a certain user. If your WordPress cookies are ever obtained by someone with bad intentions, the encrypted cookie will make it much more difficult if not impossible for this individual to compromise your website using your cookies.

These security keys are stored in your wp-config.php file, which is in the root of your WordPress directory.You'll want to ensure that they are setup properly.

Using the File Manager in your cPanel (or any other editor that you're comfortable with), open the wp-config.php file. Look for text similar to:

/**
* Authentication Unique Keys and Salts.
* 
* Change these to different unique phrases!
* You can generate these using the 
* {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}      
* You can change these at any point in time to invalidate all existing cookies. 
* This will force all users to have to log in again.
* 
* @since 2.6.0 
*/ 

define('AUTH_KEY',         't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|');
define('SECURE_AUTH_KEY',  'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj');
define('LOGGED_IN_KEY',    'MGKi8Br(&{H*~&0s;{k0<S(O:+f#WM+q|npJ-+P;RDKT:~jrmgj#/-,[hOBk!ry^');
define('NONCE_KEY',        'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe');
define('AUTH_SALT',        '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G');
define('SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #');
define('LOGGED_IN_SALT',   'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i');
define('NONCE_SALT',       'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%');
The text above is random, and will vary based on each WordPress installation. Do not copy this code!

You want to make sure that you see these lines that start with define('AUTH_KEY', define('SECURE_AUTH_KEY', and so on. If you don't see these lines, you'll want to set this up yourself.

Manual Set Up:

  1. Visit https://api.wordpress.org/secret-key/1.1/salt/
  2. Copy the randomly generated values into your wp-config.php file. That's it! When you do this, you're changing the way that WordPress encrypts cookie data. Do this in a sense "nulls and voids" all other cookies, so if you have current users logged in, they'll need to login again.

More Information on Security Keys

If you'd like more information on WordPress Security Keys, Wordpress.org recommends the following links:
Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-05-20 1:01 pm

i have two files.. one is config.php and the other one is config-sample.php. Please let me know which one to change.

my website address is http://yourfinancebook.com/

Staff
18,686 Points
2014-05-20 1:18 pm
Hello Abhi,

The file named config.php is the one you want to work with.

Kindest Regards,
Scott M

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

2 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!