WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] New to this and trying to do a upgrade:Authentication Unique Keys and Salts (8 posts)

  1. charmitch
    Member
    Posted 4 years ago #

    I'm new at this and I'm trying to do an upgrade. I'm at the part where they are asking me to do the: Authentication Unique Keys and Salts.
    I know i sound clueless (and that's how I feel), but what does this mean? What do I do at this point? And what is it for? Please please help.

    * Change these to different unique phrases!
    * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
    * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    *
    * @since 2.6.0
    */
    define('AUTH_KEY', 'put your unique phrase here');
    define('SECURE_AUTH_KEY', 'put your unique phrase here');
    define('LOGGED_IN_KEY', 'put your unique phrase here');
    define('NONCE_KEY', 'put your unique phrase here');
    define('AUTH_SALT', 'put your unique phrase here');
    define('SECURE_AUTH_SALT', 'put your unique phrase here');
    define('LOGGED_IN_SALT', 'put your unique phrase here');
    define('NONCE_SALT', 'put your unique phrase here');

  2. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    you just replace the lines you posted with the ones generated by clicking the link you posted above in the wp-config.php file

  3. charmitch
    Member
    Posted 4 years ago #

    I don't get it. These are the lines from the wp-config.php file. I'm I suppose to put some type of phrase in them or just leave them as they are?

  4. Exactly as the file says:

    * Change these to different unique phrases!
    * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}

  5. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    replace these lines

    define('AUTH_KEY', 'put your unique phrase here');
    define('SECURE_AUTH_KEY', 'put your unique phrase here');
    define('LOGGED_IN_KEY', 'put your unique phrase here');
    define('NONCE_KEY', 'put your unique phrase here');
    define('AUTH_SALT', 'put your unique phrase here');
    define('SECURE_AUTH_SALT', 'put your unique phrase here');
    define('LOGGED_IN_SALT', 'put your unique phrase here');
    define('NONCE_SALT', 'put your unique phrase here');

    with the ones you get visiting https://api.wordpress.org/secret-key/1.1/salt/

  6. charmitch
    Member
    Posted 4 years ago #

    Thank you

  7. EC (Lisa) Stewart
    Member
    Posted 3 years ago #

    with the ones you get visiting https://api.wordpress.org/secret-key/1.1/salt/

    I got hung up on that, too. It appeared as though they wanted us to include /WordPress.org in the string!

    Thanks for clarifying, James & Rev Voodoo!

  8. SilentThunderStorm
    Member
    Posted 3 years ago #

    Better information can be found here:

    These are encryption keys to keep the cookies set on a viewers computer to be secure.

    You don't have to remember any of the keys, rather, the configuration file will use and remember them for you. Since it uses the same set of keys to encrypt and decrypt the cookies, this is the only place they need to be stored.

    Changing them requires the user to log in again, because the old cookie, with the old encryption key, can no longer be read.

    Any sequence of letters, numbers and symbols can be used... you could even simply put your name in each of them. Using the link, however, will result in random garbage, simply because this is far harder to crack.

    A further recommendation (per that same page): NOTE: Since Version 2.6, wp-config.php can be moved to the directory directly above the WordPress application directory.

    Doing this, and correctly setting permissions will help keep this file secure. Keep in mind that this file contains your database pathname, username, password, as well as your encryption keys. Keeping this file secure should be paramount.

Topic Closed

This topic has been closed to new replies.

About this Topic