Securing Self-Hosted WordPress Blogs

Posted on April 30, 2010 by Rick Clark

The following information comes from the WordPress.org website concerning Security Keys. For more information on securing your WordPress blog go to Mashable.com. This is valuable information, so I won’t have to spend hours trying to find it the next time I set up a blog,  I decided to post it here.

Security Keys

Beginning with Version 2.6, three (3) security keys, AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY, were added to insure better encryption of information stored in the user’s cookies. Beginning with Version 2.7 a fourth key, NONCE_KEY, was added to this group.

You don’t have to remember the keys, just make them long and complicated or better yet, use the the online generator. You can change these at any point in time to invalidate all existing cookies this does mean that all users will have to login again.

Example:

define('AUTH_KEY', ':dr+%/5V4sAUG-gg%aS*v;&xGhd%{YKC^Z7KKGh j>k[.Nf$y7iGKdJ3c*[Kr5Bg');
define('SECURE_AUTH_KEY', 'TufWOuA _.t>#+hA?^|3RfGTm>@*+S=8\"\'+\"}]<m#+}V)p:Qi?jXLq,<h\\`39m_(');
define('LOGGED_IN_KEY', 'S~AACm4h1;T^\"qW3_8Zv!Ji=y|)~5i63JI |Al[(<YS<2V^$T])=8Xh2a:b:}U_E');
define('NONCE_KEY', 'k1+EOc-&w?hG8j84>6L9v\"6C89NH?ui{*3\\(t09mumL/fFP_!K$JCEkLuy ={x{0');

A secret key is a hashing salt which makes your site harder to hack and access harder to crack by adding random elements to the password.

In simple terms, a secret key is a password with elements that make it harder to generate enough options to break through your security barriers. A password like “password” or “test” is simple and easily broken. A random, unpredictable password such as “88a7da62429ba6ad3cb3c76a09641fc” takes years to come up with the right combination.

Go to https://api.wordpress.org/secret-key/1.1/ and copy the results into the “Authentication Unique Keys” section of your wp-config.php file:

/**#@+

* Authentication Unique Keys.

*

* Change these to different unique phrases!

* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}

* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.

*

* @since 2.6.0

*/

define(‘AUTH_KEY’, ‘put your unique phrase here’);

define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);

define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);

define(‘NONCE_KEY’, ‘put your unique phrase here’);

/**#@-*/

This entry was posted in WordPress. Bookmark the permalink.
  • http://www.musiclyricsnow.net/ All Music Lyrics

    Thanks for a great post and interesting comments. I found this post while searching the web for freebies. Thanks for sharing this post.

  • http://treatmentfortoenailfungus.blogspot.com/2010/04/treatment-for-toenail-fungus.html toe nail fungus treatment

    Good report,I recently subscribed to your feed.

  • Pingback: Tweets that mention Securing Self-Hosted WordPress Blogs « Clark Web Design Blog -- Topsy.com

  • http://astore.amazon.com/150cc.scooter-20 150cc scooter motor

    That was a brilliant blog post,I count on some more post from you.

  • http://astore.amazon.com/150cc.scooter-20 150cc motor scooter

    Great report,I count on some more post from you.

  • http://www.xrumerchina.com/ 黑帽SEO

    Thanks for this

    information

  • http://photoshoptutorials.dk Georgie Kehoe

    I tried to subscribe to your rss feed, but had a problem adding it to google reader. Could you please check this out.

  • http://clarkwebdesign.com Rick Clark

    Hi Georgie. It took a little jiggling, but I got the feed working correctly now. Thanks for pointing it out.

    Rick

  • cyptotorkerne

    Just want to say what a great blog you got here!
    I’ve been around for quite a lot of time, but finally decided to show my appreciation of your work!

    Thumbs up, and keep it going!

    Cheers
    Christian, iwspo.net

  • http://www.xrumerchina.com/ 英文SEO

    great share, great article, very usefull for me…thank you

  • http://www.zivvo.com Courses In Web Design

    Great post. Very refreshing given all the duplicate content out there. Thanks for doing something original.

  • http://www.zivvo.com Online Web Design Courses

    I’m doing some research in this field and your post has helped a lot, thank you.

  • http://freestuff-stuff010101.onsugar.com/posts/feed Adam Free

    Cheers for this write-up. Really appreciated. We normally have to trawl through loads of junk to locate a little beneficial info! Any one know the most impressive website for getting free things inside the Us?

  • http://www.wholesale-polo-shirts.com/ Wholesale polo shirts

    Thank you for Posting & I got to read nice information on your site.

  • http://www.clshoescn.com Christian Louboutin Shoes

    Thanks for this

    information

  • http://www.d-rash.com james mino

    You wouldnt believe how long ive been searching for something like this. Went through 8 pages of Yahoo results and couldnt find anything. One search on Bing. There you are!…. Really gotta start using that more often

  • http://www.wholesalecoolsunglasses.com/versace-sunglass-c-17.html Versace Sunglasses

    great experience, dude! thanks for this great

    Articles wow… it’s very wonderful report.

  • http://www.youtube.com/watch?v=LEFkvlnaKks free samples

    Hmmm… well I guess you learn something new everyday. Got something outta this that I realize before. Thanks… reply by Free Samples

  • http://www.youtube.com/watch?v=LEFkvlnaKks free samples

    Well after reading this I thought I’d leave a little note. Obviously I’m giong to have to come back when I’m not so rushed to check out some more of your posts or threads, whatever you call em here lol ! Thanks… reply by: Free Makeup Samples

  • http://www.discountdesirebags.com louis vuitton shoes

    I enjoy reading the report, too. It′s easy to understand that a journey like this is the biggest event in ones

    life.

  • http://clarkwebdesign.com Rick Clark

    Yes, it is a big investment of time. But it sure pays off. Txks

  • http://clarkwebdesign.com Rick Clark

    They say as long as you’re learning “you aint dead yet….” Thanks

  • http://www.discountdesirebags.com basketball jerseys

    I agree with your Blog and I will be back to check it more in the future so please keep up your work. I love your content & the way that you write. It looks like you’ve been doing this for a while now, how long have you been blogging for?

  • http://clarkwebdesign.com Rick Clark

    Thanks for the compliment. I have only been blogging for less than a year. However, I have been writing and speechafying for since I received my degree.

  • http://www.isafesoft.com/ free keylogger

    Thanks for best news!

  • http://www.wholesalecoolsunglasses.com/ Discount sunglasses

    This is an interesting article. Thanks for sharing.

  • http://kaospolosgrosir.wordpress.com/ grosir kaos polos

    Great article. Looking forward to reading more posts by you. Thanks.

  • http://www.indoreload.com pulsa elektrik

    thanks to the writer,your article is really beneficial for my research

  • http://www.uwsp.edu/athletics/mbb/camps.htm Summer Camps

    Best you should make changes to the webpage title Securing Self-Hosted WordPress Blogs Clark Web Design Blog to something more suited for your subject you create. I enjoyed the post even sononetheless.