Keys and Salts

WordPress uses a cookie to keep track of my login state. While the technical details are a bit out of my comfort zone, if an attacker gets his or her hands on or forges my admin authentication cookie, he or she could take over my admin role and cause a great deal of mischief.

I can easily make my authentication cookie much more secure using keys and salts stored in my wp-config.php file. Google can easily find details and instructions in a number of articles, including All You Need To Know On the WordPress Unique Authentication Keys and Salts.

It seems a reasonable security precaution to change my WP keys and salts periodically – annually seems about right for me. I just need to remember that doing so will cause anyone logged into my site to get booted out and have to log in again.

Update: I stumbled onto the excellent Salt Shaker plugin. It updates WP security keys and salts automatically, every month. I could also choose every week or every day, but that seems like overkill. I now use Salt Shaker on all my WP sites.
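
Rotating the keys and salts by hand means replacing eight `define()` lines in wp-config.php with fresh random values. The Python sketch below is an added example, not code from this post or from the Salt Shaker plugin; the function names and the sample config are constructed for illustration.

```python
import re
import secrets

# The eight constants WordPress reads from wp-config.php.
SALT_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# Printable ASCII that is safe inside a single-quoted PHP string:
# no single quote and no backslash, so nothing needs escaping.
ALPHABET = "".join(chr(c) for c in range(33, 127) if chr(c) not in "'\\")

# Constructed sample input; NONCE_SALT is left out on purpose.
SAMPLE = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define('SECURE_AUTH_KEY',  "old value" );
define( 'LOGGED_IN_KEY',    'old' );
define( 'NONCE_KEY',        'old' );
define( 'AUTH_SALT',        'old' );
define( 'SECURE_AUTH_SALT', 'old' );
define( 'LOGGED_IN_SALT',   'old' );
"""


def new_secret(length=64):
    """Return a random value drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Replace each key/salt define(); return (new_text, names_not_found)."""
    missing = []
    for name in SALT_NAMES:
        # Group 1: everything up to the value, group 3: the closing ");".
        pattern = re.compile(
            r"""^([ \t]*define\(\s*['"]%s['"]\s*,\s*)(['"]).*?\2(\s*\)\s*;)"""
            % name, re.MULTILINE)
        value = new_secret()
        config_text, count = pattern.subn(
            lambda m: m.group(1) + "'" + value + "'" + m.group(3),
            config_text, count=1)
        if count == 0:
            missing.append(name)  # report it rather than guess where to add it
    return config_text, missing


if __name__ == "__main__":
    text, missing = rotate_salts(SAMPLE)
    print(text)
    print("not found:", missing)  # writing the result back logs every user out
```

Run it against a copy of wp-config.php and review the output before replacing the live file; any constant reported as not found still has to be added by hand.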

