>Edit system files or install plugin
>Text editor or plugin
If your WordPress was installed was 2.5 or higher than you will find that the secret keys are already present in your wp-config.php
Regardless of this you need to add newly generated keys to your your wp-config.php as the defaults installed by WordPress are already known to hackers.
To manually update the Secret Key in your wp-config.php use this hash tag generator provided by WordPress to generate new secret keys, it will generate new keys every time the page is refreshed.
Just copy the eight lines of code right below the database credentials into your wp-config.php file and you are done.
An alternative to using SALT and changing the keys
Plugin: Chap Secure Login
This plugin does a similar job of securing WordPress login but in a different way. With this method the only string that is transferred unencrypted is the username to access WordPress dashboard. Your password will be hashed out with a complex MD5 algorithm.
Good news for the less technical savvy is you won’t have to perform any configuration changes as this is a zero configuration plugin.
Note: The first time you login it will fail but the second will be successful. So, don’t panic if your first login fails after successful plugin installation. Just re-enter your correct password!