How to Automatically Change WordPress SALT Keys

Graham Pinkney

WordPress websites have a vital defence mechanism in place concerning login interactions.The threat of facing an attack is always very likely and it is important to choose a secure password and keep it safe. In the event of an attack, this will make it much more difficult for any attacker to gain access. WordPress uses ‘salt’ keys to secure your data keeping your passwords protected. These are used to keep your data secure. Should an attacker manage to gain access to your data the passwords will remain secure.Let’s take a closer look at what salt keys are and how they can be changed to keep your data protected.

What are WordPress SALT Keys?

WordPress SALT keys are keys used to keep your login data changing and encrypted, thus making any potential attacker’s job much more difficult. WordPress will automatically store your login details via cookies which can be taken advantage of in some circumstances such as when used on shared public computers. Keeping your website protected is extremely important, so here are a couple of methods on how to change your WordPress salt keys to maintain your site security.

Manually Change SALT Keys

One option available to you is to change the security keys being used from the wp-config.php file, located in the root folder of the WordPress site. This is often named public_html, www or the name of your site. To increase security these codes should be changed every few months which can be done manually by logging into your website through an FTP cross-platform application. Once logged into an FTP, make your way to the WP-config.php file and right-click the file then select the view/edit option from the drop-down menu. This will download a duplicate of the file onto your computer and it will open automatically via your default word processing application. On this application use the search function (crtl+f) to find a piece of text that reads ‘Authentication Unique Keys and Salts’. Below this line you should see a piece of coding that looks like this:

To create new code to replace what is currently there visit this WordPress SALT generator and copy and paste in place of the previous code. This shouldn’t cause any issues with your site’s functionality when done correctly but will require a relog for yourself and any other users. Once you have successfully changed your keys by adding the new code save the update to your WP-config.php file and close it. Your FTP application will then ask if you would like to save your changes. Confirm your changes by selecting yes and you will now be safe to proceed and log back into your website.

Automatically Change Salt Keys

Manually changing the salt keys will still help to maintain the security of your site but it can be a time-consuming method in comparison to trying to change them automatically. WordPress has an elegant plugin called Salt Shaker which can help you run your site security more efficiently rather than go through the tedious manual method.

Installing The Salt Shaker Plugin

Generating new salt keys can be done automatically through a fairly straightforward method by
making use of the Salt Shaker WordPress plugin. The Salt Shaker plugin is an extremely useful tool with some great benefits such as:

 Increasing your WordPress security
 Simple set up process
 Automatic and manual salt key changing options available
 Easy to plan in future key and salt changes.
To begin gaining the benefits of the Salt Shaker plugin you will have to install and set it up for your WordPress.

To install the Salt Shaker plugin follow these three simple steps:

1. Add your downloaded Salt Shaker folder to the WP-content/plugins/directory
2. Go to your plugin menu on WordPress and activate the Salt Shaker plugin
3. Go to tools and hit Salt Shaker menu to configure the plugin.

Using Salt Shaker Plugin

Using the Salt Shaker plugin is a straightforward task and shouldn’t cause too much difficulty getting accustomed to. Go to the settings tab on your dashboard and you should see a new Salt Shaker option. There are two available options to choose from within the plugin. The first option allows you to plan future changes to your WordPress salt keys. How frequently you want them to change is down to personal preference whether you want it daily, weekly or monthly.

In most scenarios, a daily change isn’t required and can become an inconvenience to the day-to-day running of your site as it forces all users to log out. Once you have selected how frequently you want your salt keys to change, they will now do so at every set interval. The other available option is quite straightforward and allows you to change your salt keys instantly. Just go to the immediate change section and select change now to update all of your salt keys. This will log you out, at which point WordPress will prompt you to log back in much like the manual method of changing the keys.

In Conclusion

The first line of defence is quite obviously always making sure that you have chosen secure passwords and don’t share access with others to your details. WordPress salt keys are a necessary function for ensuring that your data is kept encrypted and secure from potential threats. Updating these as often as possible will help maintain a high level of security for your site and, no matter which method you prefer to choose, it is highly beneficial.

Overall, the manual method is a lot more time-consuming in comparison to the Salt Shaker plugin.
The Salt Shaker plugin not only has the option to schedule your security key changes for later dates but it also allows you to change instantly without having to go through the FTP application system to manually change. Using the Salt Shaker plugin is the way forward when it comes to looking for automatic changes but no matter what option you go for, changing the keys will help ensure the security of your site’s data.

Graham Pinkney

Author Graham Pinkney

Graham heads up our digital marketing team here at Elementary with nearly a decade of agency experience working across clients from large retailers to SME's in varying industries. Graham's background is primarily in SEO, content marketing, analytics and conversion rate optimisation.

More posts by Graham Pinkney