Why and How to Use WordPress Security Keys – Beginners Guide

Spread the love

In this tutorial, we will discuss on WordPress security encryption keys. These security keys are free to use and are very much required to make your website somewhat more secure than default installation. In this chapter, you will learn how to obtain and install WordPress security keys on your website, and why using these encryption keys are useful for your website.

What are WordPress Security Keys?  

If you are concerned about the security of your WordPress blog and doing some research, then you probably somewhere read about the security key feature of WordPress.

Though it is enabled by default with default keys, WordPress.org provides you an option to change those keys for better security.

WordPress Security Keys are random variables that enhance the encryption of information stored in the user’s cookies. The one set of keys consists of a total of eight security keys: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, and NONCE_SALT.

These keys can be obtained for free, we will tell you later in this chapter.

Why use WordPress Security Keys?  

These security keys (or encryption keys) makes it harder to crack your site's login password. A non-encrypted password like “username” or “password” can be easily broken, but a random, unpredictable, encrypted password such as “68b7da62164ba6ce9cb3c76a05674ed” will take years to be deciphered by any hacker.

That's why you must use unique WordPress Security keys to increase the security of your WordPress powered blogs or websites.

How to use WordPress Security Keys on your website?  

By default, self-hosted WordPress blogs define default Security Keys for your blog cookies. It is important to change those keys and assign any other arbitrary generated keys. It is a very simple and easy task if you know how to use FTP for transferring files between your local PC and web host.

Step 1: You are required to get your own unique Secret Keys. WordPress has a random key generator that can generate a unique secret key set for you, every time you refresh the page a new unique keyset would be generated. We recommend you use that generator instead of creating your own.

Step 2: You need to modify your wp-config.php (file). You can find this file located in your WordPress installation folder (the same folder where your wp-uploads and other folders are stored). Download the file and open it with any code editor such as Notepad++. In your wp-config.php file head on to the line 49, and you will find the default key set (shown below):

WordPress Security Keys

Simply take the security keys you have generated in step 1 and replace them with respective existing lines.

Save your modified wp-config.php file, and upload it to the root folder. If you were already logged into your WordPress admin panel, then you will be prompted to log back in again.

Other Frequently Asked Questions (FAQs): 

I don't have the option to edit the wp-config file, what should I do?

Probably, you are using WordPress.com. This security option is for self-hosted WordPress.org installations. Check out our guide on WordPress.org vs WordPress.com.

Do I have to remember my Security Keys?

No, you do not have to remember those security keys. You just have to paste it once in the wp-config.php file and that is it. If for any reason you think that you have to change those keys again then use the same procedure explained above.


We hope that you have enjoyed the above article on implementing WordPress Security Keys for securing your website. Be with us to explore free training on Leading Technologies and Certifications.

Leave us some comments if you have any questions or doubts about WordPress encryption keys, we will be happy to help you.

If you like our articles please like our facebook and twitter page to receive notifications on recent and updated contents.

Spread the love
Posted in WordPress Tutorial and tagged , .

I'm passionate about Information Technology & spreading my knowledge makes me happy. I Have MBA(IS), ITIL, PRINCE2, CCNA, CCNP, MCSA, MS Hyper-V Certifications, and Trained in PMP, CCIE. And also have 10+ Yrs of Work Experience.
I wish you all the best in your career !!!!

0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments