Authentication Salts and Keys are a set of eight unique, random variables stored in the `wp-config.php` file that provide an extra layer of security for WordPress user data. They are used to encrypt and "salt" the cookies that keep a user logged into a site. By adding a random string of characters to the user's password and cookie data, Salts make it mathematically impossible for an attacker to use a "rainbow table" attack to decrypt a password hash. In professional WordPress security audits, ensuring that these keys are unique and frequently rotated is a top priority. For Niagara businesses handling customer data, Salts are the silent guardians of the login process. If a site is migrated or compromised, regenerating these keys instantly invalidates all active sessions, forcing everyone to log back in with a fresh, secure cookie. This is a foundational element of WordPress hardening that protects both the site administrator and the end-user.
Glossary entry