Ensure SALT secret key authentication method is being used

Protection Requirement:

BASIC

Skills/Resources:

>Edit system files or install plugin
>Text editor or plugin

THE THREAT
SALT was introduced by WordPress to improve password security but it might not be active on your WordPress installation.

THE OBJECTIVE
Check that SALT is installed and active. Change default keys to newly generated keys or use an alternative password encryption method.

PROPOSED SOLUTION
If your original WordPress was installed prior to 2.5 then you probably don’t have the secret keys in your wp-config.php file.

If your WordPress was installed was 2.5 or higher than you will find that the secret keys are already present in your wp-config.php

Regardless of this you need to add newly generated keys to your your wp-config.php as the defaults installed by WordPress are already known to hackers.

To manually update the Secret Key in your wp-config.php use this hash tag generator provided by WordPress to generate new secret keys, it will generate new keys every time the page is refreshed.

https://api.wordpress.org/secret-key/1.1/salt/

Just copy the eight lines of code right below the database credentials into your wp-config.php file and you are done.

An alternative to using SALT and changing the keys

Plugin: Chap Secure Login

This plugin does a similar job of securing WordPress login but in a different way. With this method the only string that is transferred unencrypted is the username to access WordPress dashboard. Your password will be hashed out with a complex MD5 algorithm.

Good news for the less technical savvy is you won’t have to perform any configuration changes as this is a zero configuration plugin.

https://wordpress.org/plugins/chap-secure-login/

Note: The first time you login it will fail but the second will be successful. So, don’t panic if your first login fails after successful plugin installation. Just re-enter your correct password!

MORE ADVANCED
none

NEED HELP?
If you need help implementing this and other security measures then Virtual Webmaster Services can help. Visit Virtual Webmaster Services

RESOURCES
none