I read the paragraph at the codex on Security Keys.

It offers the example -

```php
define( 'AUTH_KEY',         't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|' );
define( 'SECURE_AUTH_KEY',  'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj' );
define( 'LOGGED_IN_KEY',    'MGKi8Br(&{H*~&0s;{k0<S(O:+f#WM+q|npJ-+P;RDKT:~jrmgj#/-,[hOBk!ry^' );
define( 'NONCE_KEY',        'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe' );
define( 'AUTH_SALT',        '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G' );
define( 'SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #' );
define( 'LOGGED_IN_SALT',   'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i' );
define( 'NONCE_SALT',       'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%' );
```

and the note

You don't have to remember the keys, just make them long, random and complicated -- or better yet, use the online generator.

Is it this simple, to add that code (obviously, using their generator to change the text) to the wp-config file?

  • You don't even need to add the Security Keys if they already exist. They'll usually be created when WordPress is installed. Commented Dec 24, 2015 at 20:42
  • I looked. Not there. Are you saying a new installation would have this, but updates over the years don't? Commented Dec 24, 2015 at 22:17
  • As of ~6 years ago WP installs should automatically generate unique salts, see: core.trac.wordpress.org/ticket/12159. I'm not sure if the WP upgrade mechanism would have checked if the salts were there and added them if they were missing. Commented Dec 25, 2015 at 23:32
  • Also yes, it's that simple to add that code to the wp-config file. I just tested commenting out then changing my salts and all I had to do was log back in. Commented Dec 25, 2015 at 23:36

1 Answer

Yes. If you use the generator to create the salts then add them to your wp-config.php file you can start reaping the benefits of much greater security.

Any current sessions will be invalidated so you'll have to log back in but otherwise there shouldn't be any noticeable change.

Automatic generation of random salts was added a few years back so any new WordPress installs should automatically generate their own unique salts.

  • Ok. Got it. After earlier comments, I found that newer sites had this, but my older ones didn't. So going through and adding where missing. Commented Dec 26, 2015 at 4:05
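
For going through older sites and finding which of the eight keys are missing, an audit like the following can help. This is an added Python example, not part of the original posts or of WordPress itself; the function names, the 64-character minimum and the replacement alphabet are assumptions, and the sample config is constructed.

```python
import re
import secrets
import string

KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
MIN_LEN = 64  # length of the example keys in the question; the threshold is an assumption
# define( 'NAME', 'value' ); at the start of a line, so // commented-out lines are skipped
DEFINE_RE = re.compile(r"^\s*define\(\s*'(\w+)'\s*,\s*'((?:[^'\\]|\\.)*)'\s*\)\s*;", re.M)

def audit_wp_config(text):
    """Return {key_name: problem} for each of the eight keys that needs attention."""
    found = {n: v for n, v in DEFINE_RE.findall(text) if n in KEY_NAMES}
    values = list(found.values())
    problems = {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LEN:
            problems[name] = "too short"
        elif values.count(value) > 1:
            problems[name] = "duplicate value"
    return problems

def generate_defines(names):
    """Build define() lines with fresh 64-character random values."""
    # Alphabet is an assumption: printable ASCII without ' and \, so the value
    # needs no escaping inside a single-quoted PHP string.
    alphabet = "".join(c for c in string.ascii_letters + string.digits
                       + string.punctuation if c not in "'\\")
    return "\n".join("define( '%s', '%s' );" % (
        n, "".join(secrets.choice(alphabet) for _ in range(64))) for n in names)

# Constructed sample of an older config (not a real site's file).
SAMPLE = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY',        '%s' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'LOGGED_IN_KEY',   'hunter2' );
// define( 'NONCE_KEY',    '%s' );
""" % ("k7#Q" * 16, "z" * 64)

if __name__ == "__main__":
    for name, problem in audit_wp_config(SAMPLE).items():
        print(name, problem)
```

When fixing a flagged key that already has a `define()` line, replace that line rather than appending a second one, because PHP keeps the first definition of a constant.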
