EN 
PL 
DE 
WordPress is one of the most popular content management systems (CMS) in the world for creating and managing websites. However, with its popularity, the interest of potential hackers is also growing. One way to protect our site is to use WordPress security keys. In this article, we will explain what these keys are for, how to use them, and provide some specific solutions that will help us secure our website.
What are WordPress security keys?
Definition
WordPress security keys are a set of constants defined in the WordPress configuration file (wp-config.php), which are used to encrypt information stored in cookies. These cookies are used to identify users logged in to the website. Thanks to security keys, this information is encrypted, making it difficult to read and use by unauthorized persons.
Roles of security keys
WordPress security keys have two main roles:
- They improve cookie security, making it more difficult for session or cookie hijacking attacks.
- They affect session length, which can help protect against brute force attacks.
How to use WordPress security keys?
Configuring security keys
To configure security keys in WordPress, you need to define eight constants in a file wp-config.php:
define('AUTH_KEY', 'your unique string'); define('SECURE_AUTH_KEY', 'your unique string'); define('LOGGED_IN_KEY', 'your unique string'); define('NONCE_KEY', 'your unique string'); define('AUTH_SALT', 'your unique string'); define('SECURE_AUTH_SALT', 'your unique string'); define('LOGGED_IN_SALT', 'your unique string'); define('NONCE_SALT', 'your unique string');Unique strings should be long and complex to be difficult to guess. These values can be generated manually, but there are also many online generators, such as the one available on the official WordPress website (https://api.wordpress.org/secret-key/1.1/salt/).
Changing security keys
It is recommended to change your security keys regularly, which helps to hinder possible attacks. Just generate new strings of characters and replace the existing values in the file with them wp-config.php. It is worth remembering that after changing the keys, all logged in users will have to log in again.
Solutions to increase WordPress security
iThemes Security plugin
iThemes Security is a popular WordPress plugin that includes many features to increase site security. One of its elements is the automatic change of security keys according to a set schedule.
Salt Shaker plugin
Another helpful plugin is Salt Shaker. It allows you to easily change security keys without having to manually edit the file wp-config.php. Salt Shaker also allows you to set your keys to change automatically every month, week, or day.
Hardening WordPress
In addition to security keys, it's worth implementing other practices related to securing WordPress, such as limiting login attempts, using strong passwords, and keeping WordPress and plugins up to date. Useful information on this topic can be found in the official “Hardening WordPress” guide available on the WordPress Codex website.
To summarize, WordPress security keys are an important element of protecting your website against hacker attacks. By changing keys regularly and using appropriate plugins, we can significantly improve the security of our website.