Installing WordPress isn’t too complicated, but there is an important piece of the wp-config.php file that should not be overlooked when it comes to your site’s security. Security keys were added to provide better encryption of the information stored in your users’ cookies. So what do you need to know?
Where do you find security keys?
It’s pretty simple. You can find them in your wp-config-sample.php or wp-config.php file. When you first open the sample file, the keys look like this:
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
You don’t need to remember your keys
WordPress handles the keys for you, so you don’t need to know or remember what you set them to. They can be as complex or as simple as you like, but the more complex they are, the more secure they are.
The lazy man’s way
WordPress was kind enough to provide us with a secret key generator. Use this generator to replace your keys when creating your wp-config.php file.
Change them anytime
You can change your secret keys at any time. Doing so requires your users to log in again, which reauthenticates them and encrypts their cookies with the new keys. This way you aren’t locked in forever.
Any questions? The comments are yours below.