Monthly Archives: May 2014

How and where to use wordpress security keys

27 Tuesday May 2014

Posted by in WordPress

4 Comments

Tags

wp_securitykey

WordPress security keys and salts come by default with your wordpress installation and it works cool, but to make it stronger you can add new keys. You can see your wordpress security keys and salts in wp-config.php file that is in your main wordpress directory. Below is the sample for wordpress security keys and salts that you see in your wp-config.php

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         '/hHrAb@zT|.-,+5+6d+p/vgvoBo%^_uByCSRF5s}|X$}oKnV.6QeS%Z7 +[&b^Mq');
define('SECURE_AUTH_KEY',  'bD- +{BOSiGR{cazC**g%UZ~evg4Fi;gldyEZwo |$?Sr0mCg|XB]=*wk^95/(k+');
define('LOGGED_IN_KEY',    'urr!,9Md+:tv0LG0unbD{jE{/Wb$xDd2oE$db|F#:}-yhU}_q-~i{$%^B*');
define('AUTH_SALT',        '.uXW!]|5D)WYza(*Bfv@c,WeHuZpi+/*cOQM;anz]Wn@$JR:s}9Y%RW||[)|N1e6');
define('SECURE_AUTH_SALT', 'K=[42 K20RoEiyq*k7$AVL+_S4veav^jd]2u.^#Ku-s)G>6xP+!F[=9;CPpaqIP*)P&LoOkNu#}_>H2mSu]ZO?|fu%kt9QnZWg)D3h$||up77n3(q?w}!-Gb');
define('NONCE_SALT',       'P:$u1_xKe0u%NA-rRR[4{Qg0%fI72Pm5W;WQ4`atpa*v~7X%jwvgY@;.^+koG.yN');

/**#@-*/

Don’t copy this key instead generate and grab the whole variables from wordpress secret key generator. Now paste the generated keys in your wp-config.php file accordingly. Now save the file and you don’t need to remember these variables anymore. Generate these keys once again and add it accordingly in your wp-config.php just in case if you recovered your site from a serious hack.

One more thing if your any users were logged in to your wordpress dashboard then they will be asked to login again.

Hope this article helped you with securing your wordpress site using wordpress security keys and salts.

Advertisement

Manual Updating WordPress

03 Saturday May 2014

Posted by in WordPress

7 Comments

Tags

update-wp1

  1. Get the latest WordPress zip (or tar.gz) file
  2. Unpack the zip file that you downloaded.
  3. Deactivate plugins.
  4. Delete the old wp-includes and wp-admin directories on your web host (through your FTP or shell access).
  5. Using FTP or your shell access, upload the new wp-includes and wp-admin directories to your web host, in place of the previously deleted directories.
  6. Upload the individual files from the new wp-content folder to your existing wp-content folder, overwriting existing files. Do NOT delete your existing wp-content folder. Do NOT delete any files or folders in your existing wp-content directory (except for the one being overwritten by new files).
  7. Upload all new loose files from the root directory of the new version to your existing wordpress root directory.

NOTE – you should replace all the old WordPress files with the new ones in the wp-includes and wp-admin directories and sub-directories, and in the root directory (such as index.php, wp-login.php and so on). Don’t worry – your wp-config.php will be safe.

Be careful when you come to copying the wp-content directory. You should make sure that you only copy the files from inside this directory, rather than replacing your entire wp-content directory. This is where your themes and plugins live, so you will want to keep them. If you have customized the default or classic themes without renaming them, make sure not to overwrite those files, otherwise you will lose your changes. (Though you might want to compare them for new features or fixes..)

Lastly you should take a look at the wp-config-sample.php file, to see if any new settings have been introduced that you might want to add to your own wp-config.php.