If you've ever viewed the core configuration file (wp-config.php) for a WordPress site then you'll probably have noticed a section defining eight WordPress constants relating to security keys and salts: AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT Note: wp-config.php is located in the root folder of your WordPress installation by default. These constants contain security keys and salts which are used internally by WordPress to add an additional layer of authentication and to enhance security. WordPress uses cookies (rather than PHP sessions) to keep track of who is currently logged in. This information is stored in cookies in your browser. To make sure that authentication details are as secure as possible, unique keys and salts are used to increase the level of cookie encryption. These are recommended to be long strings (typically 64 characters long) of random alphanumeric and symbol characters. The AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY security key constants were added in WordPress 2.6, which replaced a single all-in-one key first introduced in WordPress 2.5. NONCE_KEY was added soon after, in WordPress 2.7. Corresponding
Share This