Comments on: What, Why, and Hows of WordPress Security Keys

By: MichealKennedy

MichealKennedy — Tue, 29 Nov 2011 07:55:54 +0000

Was just gonna ask “why don’t they just automatically generate these for you?” but you answered it

By: Nick

Nick — Wed, 05 Jan 2011 09:16:19 +0000

In wordpress 3.1 these keys are automatically generated.

By: Riese F

Riese F — Tue, 21 Dec 2010 11:43:20 +0000

Appreciate this information and quickly updated my files. My concern is the same as Ricks’ from April in that if my wp-config.php file is hacked then these keys are available to whomever is looking at them correct? But then I thought that if my wp file is hacked and someone other than me is looking at them I am already in trouble…

Any precaution is better than just hoping for the best though! Thank you for your work and efforts.

By: Dave

Dave — Tue, 29 Jun 2010 19:23:02 +0000

You’ll need to use 3.0 to utilise all eight secret keys, rather than the former four. The new WordPress random key generator can be found at https://api.wordpress.org/secret-key/1.1/salt

By: Editorial Staff

Editorial Staff — Sun, 20 Jun 2010 23:12:55 +0000

Those keys become available with WordPress 3.0

By: Keith Davis

Keith Davis — Sun, 20 Jun 2010 11:13:35 +0000

Hi
Thanks for a short and informative post.
I notice that in your example there are four secret keys.
There appear to be more secret keys in WordPress 3.0 – can these be added to previous versions of WordPress?

By: Overview of WordPress 3.0 with Screenshots

Overview of WordPress 3.0 with Screenshots — Mon, 05 Apr 2010 13:44:04 +0000

[...] There were two very cool features that were added in this installation. These new features will certainly help hundreds of lazy bloggers who normally uses the “admin” username and never update Security Keys. [...]

By: Rick

Rick — Thu, 01 Apr 2010 16:57:42 +0000

Um, so does this change your admin password or what? I don’t understand what this does? Maybe that’s because I’m not a hacker. But, if this is just stored in your config.php file, wouldn’t it be way easier for a hacker just to hack into your ftp site and nab this security key out of the config file?

I want my WordPress sites to be more secure, but I just don’t understand what this is preventing?

By: Jack

Jack — Thu, 01 Apr 2010 12:51:48 +0000

Nicely said. The directions are pretty easy, but I think the security and safety is understated in the documentation. Thanks for spelling it out and making the web a safer place.

By: Editorial Staff

Editorial Staff — Thu, 01 Apr 2010 01:15:15 +0000

Good idea, didn’t even think of that.