---
title: "How to Secure WordPress using Security Keys and Salts"
description: "Since WordPress 2.7, four security keys have been added to help make your WordPress site more secure. These security keys help encrypt the data that is stored in the cookies, which is data that helps..."
url: https://www.inmotionhosting.com/support/edu/wordpress/securing-wordpress-using-security-keys-and-salts/
date: 2011-08-23
modified: 2026-02-19
author: "Brad Markle"
categories: ["Security", "WordPress Tutorials"]
type: post
lang: en
---

# How to Secure WordPress using Security Keys and Salts

Since WordPress 2.7, four security keys have been added to help make your WordPress site more secure. These security keys help encrypt the data that is stored in the cookies, which is data that helps WordPress identify your computer as one that is logged into your WordPress website as a certain user. If your WordPress cookies are ever obtained by someone with bad intentions, the encrypted cookie will make it much more difficult if not impossible for this individual to compromise your website using your cookies.

These security keys are stored in your wp-config.php file, which is in the root of your WordPress directory. You’ll want to ensure that they are setup properly.

Using the File Manager in your cPanel (or any other editor that you’re comfortable with), open the wp-config.php file. Look for text similar to:

PHP/** * Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the
* {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/

define('AUTH_KEY', 't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|');
define('SECURE_AUTH_KEY', 'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC@]c #');
define('LOGGED_IN_SALT', 'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i');
define('NONCE_SALT', 'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%');

```
/** * Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the
* {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/

define('AUTH_KEY', 't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|');
define('SECURE_AUTH_KEY', 'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj');
define('LOGGED_IN_KEY', 'MGKi8Br(&{H*~&0s;{k0
