Security keys scan

What It Checks

This scanner checks if the security keys are correctly set. WordPress provides 10 security keys, each key has its own purpose. These keys must be set with long random strings: don't keep the default value, don't store them in the database, don't hardcode them.

Why It Matters

WordPress provides 10 security keys, each key has its own purpose. These keys must be set with long random strings: don't keep the default value, don't store them in the database, don't hardcode them. Security keys are used to encrypt sensitive information like cookies and sessions, so they must be strong and unique.

What You'll See

Good Status:

• All security keys are properly set.

Bad Status:

• The following security keys are not set correctly:
• Not Set: [key names]
• Default Value: [key names]
• Too Short: [key names]
• Hardcoded: [key names]
• From DB: [key names]

Warning:

• This fix is pending, please reload the page to apply it now.
• The wp-config.php file could not be located.

Cannot Fix Automatically:

• The wp-config.php file is not writable, security keys could not be changed.
• The security keys fix has been applied but there is still keys that could not be modified so far.
• Some keys have been deleted from database, but some could not. Please do it manually, refer to the documentation if needed.

How to Fix

Create a must-use plugin to replace your actual keys stored in wp-config.php or in your database to keep them safer. SecuPress can automatically generate new security keys and move them to a more secure location. If the file is not writable, you may need to manually edit it or contact your hosting provider.

Security Keys