Sunday 21 July 2013

Secret keys (salts)

Secret keys enhance WordPress security by strengthening user authentication, which relies on a cookie placed in the user's web browser. They are also referred to as salts, a word commonly used in cryptography for random keys added to something such as a password. Secret keys in your wp-config.php file make it harder for outsiders to gain access to your site because they add random keys to the user password.

These keys aren't populated during the WordPress installation, so after the installation is complete you need to open the wp-config.php file and set them. Doing so gives your WordPress installation unique keys that are different from any other installation, which makes it more secure because the keys are specific to your site. By default, the code in the file looks like this:

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these with the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
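
A check you can run after editing the file, added here as an example (it is not part of WordPress or of the original post): it reads the text of a wp-config.php file and reports any of the eight keys that are missing, still set to the default phrase, too short, or reused. The function name audit_keys, the 32-character minimum and the sample values are assumptions made for this example.

```python
import re

KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"
MIN_LENGTH = 32  # assumption: audit threshold chosen for this example

# Matches define('NAME', 'value'); at the start of a line, so commented-out lines are skipped.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""", re.MULTILINE)

# Constructed sample input, not taken from any real site.
SAMPLE_CONFIG = """
define('AUTH_KEY',         'constructed-sample-value-0001-aaaaaaaaaaaaaaaa');
define('SECURE_AUTH_KEY',  'constructed-sample-value-0002-bbbbbbbbbbbbbbbb');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'short');
define('AUTH_SALT',        'constructed-sample-value-0001-aaaaaaaaaaaaaaaa');
define('SECURE_AUTH_SALT', 'constructed-sample-value-0003-cccccccccccccccc');
// define('LOGGED_IN_SALT', 'constructed-sample-value-0004-dddddddddddddddd');
define('NONCE_SALT',       'constructed-sample-value-0005-eeeeeeeeeeeeeeee');
"""

def audit_keys(config_text):
    """Return {key_name: problem} for every key that needs attention."""
    found = {}
    for m in DEFINE_RE.finditer(config_text):
        if m.group(2) in KEY_NAMES:
            found[m.group(2)] = m.group(4)
    problems = {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif list(found.values()).count(value) > 1:
            problems[name] = "duplicate"
    return problems

if __name__ == "__main__":
    for name, problem in audit_keys(SAMPLE_CONFIG).items():
        print(f"{name}: {problem}")
```

To audit a real site, pass the contents of its wp-config.php to audit_keys instead of SAMPLE_CONFIG; an empty result means all eight keys are set, distinct and long enough.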
