Heads up – Depending on your webserver’s configuration, activated plugins and/or themes, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers.

Complex WordPress Security Keys

WordPress makes use of a set of long, random and complex Security Keys. These keys consist of a number of encryption keys as well as cryptographic salts.

Security Keys ensure better encryption of information stored in the users’ cookies. There are a total of eight security keys that WordPress uses – AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, and NONCE_SALT.

A Security Key functions similarly to a very strong password or passphrase and should contain elements that make it harder to generate enough options to crack. WordPress Security Keys also make use of cryptographic salts to further strengthen the security of the generated result.

You can either make your own random keys, or you can use WordPress’ online key generator to do this for you. Simply copy and paste the keys generated by the generator into your wp-config.php file.

In Part 5 of the series we will be discussing Restricting Access to wp-admin Directory

ead the entire article on How to prevent a WordPress hack

Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.