Support » Fixing WordPress » WP Security Keys

  • Jackie


    Ok so i have the latest version of wordpress and want to make sure that its secure in every way possible. I read in quite a few places that I cant remember that a wordpress security key isn’t needed anymore in the wp-config file as of version 3.01.

    So i have 3 questions that I hope one of you might be able to help me with:

    1) Secret keys still needed for version 3.01?
    is that still true? Reading the Codex it looks like its still required. On a side note, a couple of the links for the plugins listed for “help i’ve been hacked” part of the codex are outdated. That is not a complaint, just something I noticed. I’m sure keeping it updated is a HUGE undertaking.

    2) If yes, then secret code sample keys missing, where to insert?
    Anyway, I used the online secret key generator but not sure where to put that code in the wp-config file because the sample/template code) is not there at all. If I’m supposed to add it to the bottom, then Ok.. i just didnt want to break anything.

    CHMOD Root to 755?
    The wp-security-scan plugin is a treasure trove by the way. I fixed one of the issues of adding a blank htaccess file to the wp-admin directory in all my installations. The only issue I am not sure of is chmodding the root of my private server from 775 to 755 which sounds a bit extreme to me. Furthermore I dont even know how to do that. I only know how to chmod files/folders.

    Thanks much in advance.

Viewing 1 replies (of 1 total)
  • Moderator t-p


    1) yes, there is a place for these keys in the wp-config-sample.php

    2) look for this in your wp-config-sample.php

    * Authentication Unique Keys and Salts.
    * Change these to different unique phrases!
    * You can generate these using the {@link secret-key service}
    * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    * @since 2.6.0
    define(‘AUTH_KEY’, ‘put your unique phrase here’);
    define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
    define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
    define(‘NONCE_KEY’, ‘put your unique phrase here’);
    define(‘AUTH_SALT’, ‘put your unique phrase here’);
    define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
    define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
    define(‘NONCE_SALT’, ‘put your unique phrase here’);


Viewing 1 replies (of 1 total)
  • The topic ‘WP Security Keys’ is closed to new replies.