This article will explain how to change your WordPress salts. WordPress salts are a set of encryption data used to hide your login information from malicious actors. This is a quick tutorial on how to change them so for our purposes we won’t be going into more detail about their use. It isn’t necessary to change them but doing so periodically can enhance your site’s security.
Notes:
Keep in mind, changing your salts will log out all users currently logged in, and require them to log in again.
When making updates to WordPress files it’s always recommended that you back them up in case you need to restore to a previous version.
You can change your salts using plugins but it’s very simple to do manually and worth knowing for those self managing their WordPress websites.
STEP 1: Find your wp-config file
Your salts are located in a WordPress core file called wp-config.php. We’ll be replacing the existing salts with new ones with a simple copy/paste. By default the wp-config file is located in the root folder of your WordPress site. It is possible that the wp-config file has been placed elsewhere (typically one folder above the root), for security purposes. If you don’t see wp-config in your root folder, consult with whoever set up the site originally.
You can access your site folders and files from your web host’s file manager or through FTP. Depending on how you’re accessing the file you can either download it to edit it locally or edit it directly from the file manager. Either way, make a backup of it that you can use to restore the original version in the event of a problem.
STEP 2: Generate new salt keys
Go to the official WordPress key generator
This page is provided by WordPress and will auto-generate a set of encryption data; 4 ‘KEYS’ and 4 corresponding “SALTS”, each accompanied by a long string of randomized characters. Copy the entire page’s contents.
STEP 3: Replace your current salts with the new ones
Open your wp-config file in a text editor. Scroll down to the Authentication Unique Keys and Salts section. You will see your set of keys/salts and their corresponding data. Select the entire set keys/salts and replace them by pasting in the ones you copied in step two.
Do not edit anything else in wp-config. Save the file.
STEP 4: Replace the old wp-config file with the updated one
If you edited/saved the wp-config file directly within your host’s file manager then you can skip this step. If you downloaded it or are using and FTP client to access your site files you’ll want to upload the updated version of the wp-config file to the server, replacing the old one in the process.
And that’s it, you’re done. As mentioned it’s recommended that you change out your salts from time to time as a way to enhance your site’s security.