WordPress.org

Ready to get started?Download WordPress

Forums

WP Security Keys (2 posts)

  1. Jackie
    Member
    Posted 3 years ago #

    Ok so i have the latest version of wordpress and want to make sure that its secure in every way possible. I read in quite a few places that I cant remember that a wordpress security key isn't needed anymore in the wp-config file as of version 3.01.

    So i have 3 questions that I hope one of you might be able to help me with:

    1) Secret keys still needed for version 3.01?
    is that still true? Reading the Codex it looks like its still required. On a side note, a couple of the links for the plugins listed for "help i've been hacked" part of the codex are outdated. That is not a complaint, just something I noticed. I'm sure keeping it updated is a HUGE undertaking.

    2) If yes, then secret code sample keys missing, where to insert?
    Anyway, I used the online secret key generator but not sure where to put that code in the wp-config file because the sample/template code) is not there at all. If I'm supposed to add it to the bottom, then Ok.. i just didnt want to break anything.

    CHMOD Root to 755?
    The wp-security-scan plugin is a treasure trove by the way. I fixed one of the issues of adding a blank htaccess file to the wp-admin directory in all my installations. The only issue I am not sure of is chmodding the root of my private server from 775 to 755 which sounds a bit extreme to me. Furthermore I dont even know how to do that. I only know how to chmod files/folders.

    Thanks much in advance.

  2. Tara
    Member
    Posted 3 years ago #

    1) yes, there is a place for these keys in the wp-config-sample.php

    2) look for this in your wp-config-sample.php

    /**#@+
    * Authentication Unique Keys and Salts.
    *
    * Change these to different unique phrases!
    * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
    * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    *
    * @since 2.6.0
    */
    define('AUTH_KEY', 'put your unique phrase here');
    define('SECURE_AUTH_KEY', 'put your unique phrase here');
    define('LOGGED_IN_KEY', 'put your unique phrase here');
    define('NONCE_KEY', 'put your unique phrase here');
    define('AUTH_SALT', 'put your unique phrase here');
    define('SECURE_AUTH_SALT', 'put your unique phrase here');
    define('LOGGED_IN_SALT', 'put your unique phrase here');
    define('NONCE_SALT', 'put your unique phrase here');

    /**#@-*/

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.