VPS Plans HelpDesk Services MARKETPLACE Tutorials Support My Account
Home / WordPress / Regenerate WordPress SALT Keys: How and Why

Regenerate WordPress SALT Keys: How and Why

Regenerate SALT keys in wp-config.php to invalidate sessions after a security incident or credential leak.

Views: 19 Unique: 16 Updated: 2026-03-18

What this problem is

You need to invalidate all logged-in sessions or improve security by regenerating authentication keys and salts.

Why it happens

  • Suspected compromise
  • Credentials leak or shared admin access
  • Hardening after cleanup

Prerequisites

  • FTP/File Manager access to edit wp-config.php

Diagnosis

Regenerating SALT keys logs out all users. Plan a maintenance window if needed.

Detailed steps

Step 1) Back up wp-config.php

Download a copy before editing.

Step 2) Replace keys and salts

In wp-config.php, replace all AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and their salts with fresh values from the official WordPress secret-key service.

Step 3) Test login

Log in again. Confirm old sessions are invalidated.

Expected results

  • All sessions are logged out and new cookies are signed with new salts

What to do if it fails

  • If you get a syntax error, restore the backup wp-config.php and retry carefully

Best practices

  • Rotate salts after hacks and whenever admin credentials may be exposed
Back to category