What Are WordPress Salts and Why You Should Use Them

WordPress Salts or security keys can strengthen your site’s security by adding an extra layer of protection to your login credentials.

If you already have a WordPress site, you must know that your username and password is the first and the most important security measure to prevent others from accessing your site. But what if your site gets hacked?

No worries, WordPress Salts can effectively avert that crisis from ever happening.

This article will teach you how WordPress Salt keys work and how to use them.

What Are WordPress Salt Keys?

WordPress Salt Keys or secret keys are random strings of data containing eight variables that encrypt your credentials. They’re added to your password to further secure your WordPress login information. This makes sure your passwords are immune to brute-force attacks and similar hacks.

WordPress Salt Keys are stored in your wp-config.php file in the public_html folder of your WordPress site. Here is how they look like:

HTML snippets of 8 salt keys on wp config fileWhen you’re logging in to your Dashboard, multiple cookies containing your login information –  namely, wordpress_[hash] and wordpress_logged_in_[hash]  –   are created and stored inside your browser.

With WordPress Salt Keys, your login details are hashed, meaning that they are encrypted with the sequence of random strings.

Simply put, every time you input sensitive data, such as your username and password, WordPress Salt Keys will regenerate the plain text used as your password into a randomly encrypted text.

How to Change WordPress Salt Keys?

If you frequently log in to your website either from your own or public computer, it will be better for you to change your WordPress Salt Keys as often as possible because the risk for your credentials getting compromised is higher.

Even though WordPress Salt Keys already help you to defend your WordPress site, changing them regularly is a really effective way to strengthen your site’s security.

Why so?

Whenever you change or regenerate your keys, you and all of the users logging in to your site will automatically be logged out. However, you are still able to log in to your site after you change the WordPress Salt keys. Therefore in the event of a possible hack, you change your password and log out all users at the same time, which gets two birds with one stone.

There are two ways of changing your WordPress Salt Keys: you can manually do that by changing the eight defaults variables using a random key generator or automatically generate the keys using a plugin.

However, changing your keys manually can be riskier and time-consuming, as you need to manually edit the core file and upload it using FTP. And if you don’t do this correctly, the process can even damage your website.

But, don’t worry, you can simply use a plugin to change your WordPress Salt Keys without needing to edit the eight variables of Salt Keys in your site’s wp-config.php file.

Salt Shaker

Salt Shaker WordPress pluginSalt Shaker is a free WordPress security plugin used to automate the process of regenerating your Salt Keys. Therefore, you don’t need to code in order to modify the key’s default variables.

Salt Shaker also allows you to automatically schedule the changes of your WordPress Salt Keys.

Once it is installed and activated, simply launch it from Tools page on your WordPress admin area to schedule the changes.

Setting the Salt Key renewal schedule using Salt ShakerYou only need to choose the interval for how often you want your automated authentication keys to change. You can create a schedule on a daily, weekly, monthly, quarterly, or annual basis. Once you set the interval, your WordPress Salt Keys will be automatically updated.

However, if you need to change them immediately or any time you want, by simply clicking the Change Now button.


As you can see, WordPress salt keys are really important to secure your site, as it can build an additional layer of protection for your site’s logins credentials.

You can change your site’s Salt keys as frequent as you like.

To do that, you can simply change it using the Salt Shaker plugin rather than doing it manually.

Salt Shaker plugin helps you to automate the process of changing your WordPress Salt Keys according to a schedule that you set  – either daily, weekly, monthly, quarterly, or annually.

The Author


Fitrana A. / @fitrana

Fitrana is Hostinger's Digital Content Writer. She loves doing in-depth research to make every topic accessible to all readers. Besides writing, she enjoys attending music gigs, photo hunting, and reading books.

Related tutorials

Leave a reply




This site uses Akismet to reduce spam. Learn how your comment data is processed.

Become a part of Hostinger now!

More in WordPress
How to Launch a WordPress Site