CleanTalk WordPress Security plugin feature: Change unique and secret authentication keys and salts 


WordPress uses special secret strings to increase the security level of your website. These strings are called security keys and salts. They are random strings of data stored in the wp-config.php. WordPress uses cookies to check if you were logged. However, cookies are vulnerable to attack and it's not safe to store login details in plain text, that's why WordPress encodes your details with security keys and salts. Your password will be stored as something like "HGv#87&%))@ezWFC>/+_"


WordPress secret keys


You should keep WordPress keys in secret as they allow to log in to your website without knowing the password.


Why should I change my WordPress security keys and salts?


If you want to improve the security of your website you can change them regularly. This will close all active sessions from any device and prevent key leaks. If there is a chance keys have been compromised, you need to change them immediately. Also, if your website was hacked it's not enough to change your password. After deleting malware don't forget to change WordPress security keys and salts. 

NOTE: After changing WordPress security keys and salts all users will be logged out automatically.


How to change WordPress security keys and salts with the CleanTalk Security plugin?


You can find Shuffle salts button here: WordPress Dashboard -> Settings -> Security by Cleantalk -> General Settings tab -> Authentication and Logging In section


Shuffle salts button


The button is not active by default. You can activate it by triple-click.


Shuffle button


The plugin also activates it if a Malware scanner detected dangerous code. You will see the link after scan (press F5 to reload the page):


Malware scanner link


The link will open General Settings tab with active Shuffle salts button


Shuffle button


Press the button and all keys and salts will be changed. You will be logged out, and authentication with the password will be needed.


NOTE: After changing WordPress security keys and salts all users will be logged out automatically.



If you haven't found the answer to your question, please, contact our support team: [ ].


Was this information helpful?

It would also be interesting

Copied to clipboard