New to this and trying to do a upgrade:Authentication Unique Keys and Salts

Resolved charmitch
(@charmitch)

13 years, 9 months ago

I’m new at this and I’m trying to do an upgrade. I’m at the part where they are asking me to do the: Authentication Unique Keys and Salts.
I know i sound clueless (and that’s how I feel), but what does this mean? What do I do at this point? And what is it for? Please please help.

* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);

Viewing 7 replies - 1 through 7 (of 7 total)

Rev. Voodoo
(@rvoodoo)

13 years, 9 months ago

you just replace the lines you posted with the ones generated by clicking the link you posted above in the wp-config.php file

Thread Starter charmitch
(@charmitch)

13 years, 9 months ago

I don’t get it. These are the lines from the wp-config.php file. I’m I suppose to put some type of phrase in them or just leave them as they are?

Moderator James Huff
(@macmanx)

Volunteer Moderator

13 years, 9 months ago

Exactly as the file says:

* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
Rev. Voodoo
(@rvoodoo)

13 years, 8 months ago
replace these lines
```
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
```
with the ones you get visiting https://api.wordpress.org/secret-key/1.1/salt/
Thread Starter charmitch
(@charmitch)

13 years, 8 months ago

Thank you

EC (Lisa) Stewart
(@ecstewart)

13 years, 8 months ago

with the ones you get visiting https://api.wordpress.org/secret-key/1.1/salt/

I got hung up on that, too. It appeared as though they wanted us to include /WordPress.org in the string!

Thanks for clarifying, James & Rev Voodoo!

SilentThunderStorm
(@silentthunderstorm)

13 years, 2 months ago

Better information can be found here:

These are encryption keys to keep the cookies set on a viewers computer to be secure.

You don’t have to remember any of the keys, rather, the configuration file will use and remember them for you. Since it uses the same set of keys to encrypt and decrypt the cookies, this is the only place they need to be stored.

Changing them requires the user to log in again, because the old cookie, with the old encryption key, can no longer be read.

Any sequence of letters, numbers and symbols can be used… you could even simply put your name in each of them. Using the link, however, will result in random garbage, simply because this is far harder to crack.

A further recommendation (per that same page): NOTE: Since Version 2.6, wp-config.php can be moved to the directory directly above the WordPress application directory.

Doing this, and correctly setting permissions will help keep this file secure. Keep in mind that this file contains your database pathname, username, password, as well as your encryption keys. Keeping this file secure should be paramount.