Salt Shaker

Description

Like Salt Shaker? Consider leaving a 5 star review.

Salt Shaker Features

  • Improve your WordPress security.
  • Easy to use, set it and forget it, with minimal settings.
  • Manual and immediate WP security keys and salts changing.
  • Set automated schedule for keys and salts change.

Developers?

Feel free to fork the project on GitHub and submit your contributions via pull request.

Screenshots

  • Plugin Settings.

Installation

  1. Upload salt-shaker folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Navigate to Tools > Salt Shaker menu to configure the plugin.

FAQ

The plugin isn’t working or have a bug?

Post detailed information about the issue in the support forum and we will work to fix it.

Reviews

Issue with parameters

Dear, i have issue with parameters. Now my debug.log increase every seconds to huge log. Warning: fgets() expects parameter 1 to be resource, bool given in /wp-content/plugins/salt-shaker/_inc/core.class.php on line 63 Warning: feof() expects parameter 1 to be resource, bool given in /wp-content/plugins/salt-shaker/_inc/core.class.php on line 62 please, what i can do? also when i uninstall the plugin this warning still generate.

UNSAFE file permissions set by plugin

I've been using this plugin for a long time to try help harden WordPress installs against hackers. I recently noticed that the file permissions on the wp-config.php files kept being changed to 666 and thought that my sites had been hacked. By pure luck and chance, while looking at a site error log, I found that this file wp-content/plugins/salt-shaker/_inc/core.class.php has this code towards the bottom //set the recommended permissions to wp-config.php read: chmod($config_file, 0666); This changes the permissions on your wp-config.php file to 666 meaning that the whole world can read and write to your wp-config file!!!!! WTF! Anyone would have total access to server paths, database details as well as password, etc. Additionally I have noted that while it is changing the SALTS it still allows me to remain logged into the site instead of logging ALL users out as it should be. UNINSTALLED IMMEDIATELY. I DO NOT RECOMMEND INSTALLING THIS PLUGIN.

Date / Time

How much harder can it be to allow setting of the date and time that the keys will be changed? How does one know when they have been changed?
Read all 14 reviews

Contributors & Developers

“Salt Shaker” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Salt Shaker” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.2.2

  • Tested with WordPress 5.1.
  • Added: link to the settings page from the plugins page.
  • Added: redirect to the login page after the immediate change action.
  • Added: check if wp-config.php is writable. How the heck this was missing?!
  • Added: Filter to define a custom salts file. salt_shaker_salts_file

1.2.1

  • Tested with the upcoming WordPress 5.0
  • #11 – Added more interval times, quarterly and bianually.
  • Fixed an issue with wp-config being in outside the root directory.
  • Fixed a bug when updating the cron, now the old cron job is deleted.

1.2

  • Tested with the upcoming WordPress 4.9
  • #9 – Change salts if wp-config.php is moved one directory higher than the document root
  • Setting the right permission to wp-config.php after changing the salts according to Codex recommendations.

1.1.6

  • #8 – Change line endings to LF

1.1.5

  • Security improvements

1.1.4

  • Improvements:
    ** Ensure the user is administrator before processing AJAX requets
    ** Escape attributes using esc_attr_e

1.1.3

  • WordPress 4.8 Compatibility.

1.1.2

  • WordPress 4.7 Compatibility.

1.1.1

  • Edited Arabic translation file.

1.1

  • Few enhancements
  • Multilingual Ready

1.0

  • Initial Release