5 Minute Security Upgrade: Set your secret keys
If you want to greatly increase the security of your WordPress site, here’s an easy technique for you to employ. Although it’s been around since version 2.6, we see it rarely used by site owners and it’s worth revisiting.
When you log into WordPress a cookie is created. A cookie is a little bit of data that can help do a number of important tasks including keeping track of who is logged in and who’s not. Some personal and private information may stored inside the cookie including your username, time of your login and the site’s URL. A hacker may attempt to crack your cookies and run automated software to attempt various common password combinations; if they get it right they’ll have access to your site and will exploit it at will.
You can dramatically increase the security of your cookies, making them much harder to crack, simply by creating secret keys. Once you create these keys you won’t need to remember or keep track of them making this a pain-free technique and one you can accomplish in 5 minutes. WordPress has four secret keys that you’ll create: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY and NONCE_KEY and 4 SALTS that are optional. Let’s get started.
FTP to your web server and open wp-config.php. Scroll down to line 45 and find this:
You’ll be putting your keys where it says ‘put your unique phrase here’. Be sure to keep single quote marks around your keys.
Automatically generate unique, random keys by visiting https://api.wordpress.org/secret-key/1.1/salt/.
Copy and paste into wp-config.php, then save your file back to the server.
That’s it! Although there are a million ways to get hacked, you just prevented a big one. Get more security tutorials at Cinch Web Services.
Originally published at Cinch Web Services.