Join Jeff Starr for an in-depth discussion in this video, Configure authentication keys, part of WordPress: Developing Secure Sites.
- [Lecturer] In this video, we improve the security of the WordPress user login process by adding a set of secret keys to the site's configuration file. This is an important step designed by the WordPress team to better secure your website. Here we are in our FTP/file editor looking at the WP config file. Scroll down to just beneath the database credentials to where it says, Authentication Unique Keys and Salts. As you can see, freshly installed WordPress doesn't provide unique secret keys, so we'll need to add our own.
The quickest and easiest way to generate strong key values is to visit WordPress's own secret key service at this URL. Just visit the page, copy the keys, and then paste them into your configuration file, like so. Once the keys are in place, save and upload the configuration file to the server, and that's all there is to it. WordPress will now use these keys to help keep user logins super secure. Enabling a strong set of security keys helps to ensure that attackers can't hijack a logged-in user's session and gain access to the Admin area.
Of course, you don't want to use these example keys shown here. The whole point is to specify your own unique phrases to improve login security, and it's totally fine to replace these keys at any time, for any reason. The only side effect is that any currently logged-in users will need to log in again. Trust me, the extra security is worth the minor inconvenience. In this tutorial, we enable WordPress to more securely manage the user login process. This functionality is built into WordPress by default, but you need to enable it by adding your own set of unique secret keys.
In the next video, we further improve security by specifying a unique database prefix.
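A way to check the result of the step described above, as an added example that is not part of the original video or of WordPress itself: a Python audit of a configuration file's text that flags any of the eight key and salt constants that are missing, commented out, still set to the sample placeholder, too short, or reused. The function name `audit_keys`, the 64-character minimum and the sample configuration are assumptions made for this example.

```python
import re

# The eight constants in the "Authentication Unique Keys and Salts" block.
REQUIRED = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LENGTH = 64  # assumption: generated key values are 64 characters long

# Matches active define() lines only; a line starting with // or # is skipped.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*)\2\s*\)\s*;""", re.M)

def audit_keys(config_text):
    """Return {constant: problem} for every key that is missing or weak."""
    found = {name: value
             for name, _quote, value in DEFINE_RE.findall(config_text)
             if name in REQUIRED}
    values = list(found.values())
    problems = {}
    for name in REQUIRED:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif values.count(value) > 1:
            problems[name] = "duplicate value"
    return problems

STRONG = "Zq8#mL2!" * 8  # constructed 64-character stand-in, not a real key
# Constructed sample input, not a real site's configuration.
SAMPLE_CONFIG = f"""
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'A{STRONG}' );
define( 'LOGGED_IN_KEY',    'B{STRONG}' );
// define( 'NONCE_KEY',     'C{STRONG}' );
define( 'AUTH_SALT',        'B{STRONG}' );
define( 'SECURE_AUTH_SALT', 'hunter2' );
"""

if __name__ == "__main__":
    for name, problem in audit_keys(SAMPLE_CONFIG).items():
        print(f"{name}: {problem}")
```

An empty result means all eight constants are defined with distinct values that are not the placeholder and are at least 64 characters long.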
- Backing up and restoring your site
- Setting up strong passwords
- Understanding users and roles
- Choosing trusted plugins and themes
- Changing and recovering passwords
- Configuring authentication keys
- Securing the login page
- Fighting spam in the comments
- Blocking access and detecting hacks
- Building a firewall for WordPress
- Detecting and blocking bots
- Auditing your WordPress security