WordPress security keys and salts come by default with your wordpress installation and it works cool, but to make it stronger you can add new keys. You can see your wordpress security keys and salts in wp-config.php file that is in your main wordpress directory. Below is the sample for wordpress security keys and salts that you see in your wp-config.php
/**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */ define('AUTH_KEY', '/hHrAb@zT|.-,+5+6d+p/vgvoBo%^_uByCSRF5s}|X$}oKnV.6QeS%Z7 +[&b^Mq'); define('SECURE_AUTH_KEY', 'bD- +{BOSiGR{cazC**g%UZ~evg4Fi;gldyEZwo |$?Sr0mCg|XB]=*wk^95/(k+'); define('LOGGED_IN_KEY', 'urr!,9Md+:tv0LG0unbD{jE{/Wb$xDd2oE$db|F#:}-yhU}_q-~i{$%^B*'); define('AUTH_SALT', '.uXW!]|5D)WYza(*Bfv@c,WeHuZpi+/*cOQM;anz]Wn@$JR:s}9Y%RW||[)|N1e6'); define('SECURE_AUTH_SALT', 'K=[42 K20RoEiyq*k7$AVL+_S4veav^jd]2u.^#Ku-s)G>6xP+!F[=9;CPpaqIP*)P&LoOkNu#}_>H2mSu]ZO?|fu%kt9QnZWg)D3h$||up77n3(q?w}!-Gb'); define('NONCE_SALT', 'P:$u1_xKe0u%NA-rRR[4{Qg0%fI72Pm5W;WQ4`atpa*v~7X%jwvgY@;.^+koG.yN'); /**#@-*/
Don’t copy this key instead generate and grab the whole variables from wordpress secret key generator. Now paste the generated keys in your wp-config.php file accordingly. Now save the file and you don’t need to remember these variables anymore. Generate these keys once again and add it accordingly in your wp-config.php just in case if you recovered your site from a serious hack.
One more thing if your any users were logged in to your wordpress dashboard then they will be asked to login again.
Hope this article helped you with securing your wordpress site using wordpress security keys and salts.