It’s always said that if something is a boon, it will also carry some negative points. WordPress is popular; this is a boon to every WordPress user as this popularity ensures that there is active development around it. WordPress is popular; this is a bane to every WordPress user as it gets frequently attacked by hackers and nasty people. In this series, we’ll try to make WordPress as secure as one can. In this post, we’ll define secret key for WordPress and we’ll later move to advanced techniques to achieve more desired results -
What is Secret Key?
WordPress has this unique feature where, Secret Key acts as a hashing salt which makes your site harder to hack and access harder to crack by adding random elements to the password. If I have to explain it in simple terms – Secret Key is a unique phrase that’ll help in better encryption of information stored in cookies.
How can I generate a unique secret key?
The team Automattic has created this wonderful Secret Key Generator. It will generate the full code for you that you need to replace in the WordPress configuration file. Don’t worry about the uniqueness of the key as it will always generate a random key every time!
Where can I define it, is it important to do it?
It is not the most ultimate thing you would want to do. However, I would certainly suggest you to add this in ensuring that your WordPress installation becomes a little bit secure. If you did a latest and manual installation of WordPress, you’d know about wp-config.php file. Secret key needs to be defined in the configuration file.
You may follow these instructions to define the Secret Key in WordPress -
* Download wp-config.php file from WordPress installation’s root folder.
* Make a backup of it.
* Find “Authentication Unique Keys” and below that you’ll find ‘Auth_Key’ up to ‘Nonce_key’.
* Replace all that with the unique generated by the secret key generator.
* Upload and replace the wp-config file. In case something goes wrong, we can be rest assured that we have already done the backup in second step!
Pretty simple! Huh? There will be slightly difficult steps for securing wordpress in forth coming posts!