Security keys scan

The scan

This scan checks that the security keys are properly set. These keys are long random strings that should not:

  • have a default value,
  • be saved in the database,
  • be stored 'as is' in any file.

The fix

SecuPress is going to delete the current values stored in the wp-config.php file or in the database, then create a « Must Use » plugin (a special plugin that cannot be deactivated). This plugin will dynamically generate these values. (This plugin was previously known as « Alicia ».)

What if the fix doesn't work?

If SecuPress tells you wp-config.php is not writeable:

  • Access your site via FTP and check the chmod for wp-config.php. It should read 0644. If it doesn't, modify the permissions and try clicking the 'fix it' button again. If you don't know what 'chmod' is, do nothing and contact our support team.

If SecuPress tells you some keys could not be edited, it means a few things:

  • The « Must Use » plugin responsible for creating the security keys has been properly created.
  • These keys can be stored in the wp-config.php file (in the vast majority of cases), in the database (less common), or potentially in any other file (very rare). In that last case, SecuPress can't possibly know where the keys are stored, and thus cannot delete them. They are most likely stored in another « Must Use » plugin. If you know what you're doing, you can search for « AUTH_KEY » and delete the plugin or comment out the offending lines of code. But really, we recommend you get in touch with our support team. They likely know what's best to do.
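
To see where keys are still stored 'as is' before searching by hand, the sketch below walks a WordPress directory, reports every PHP file that defines a security key as a literal string, and checks the 0644 mode on wp-config.php. It is an added example, not SecuPress code: the eight constant names and the placeholder string are WordPress's standard ones rather than values from this page, the sample file is constructed, and it does not look at keys saved in the database or at lines inside /* */ block comments.

```python
import re
from pathlib import Path

# WordPress's eight secret constants (standard names, not listed on this page).
KEYS = [f"{p}_{s}" for s in ("KEY", "SALT")
        for p in ("AUTH", "SECURE_AUTH", "LOGGED_IN", "NONCE")]
DEFAULT = "put your unique phrase here"  # placeholder from wp-config-sample.php

# define( 'NAME', 'literal' ); at the start of a line, with either quote style.
# Lines commented out with // or # do not start with "define" and are skipped.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"](?P<name>\w+)['"]\s*,\s*"""
    r"""(?P<q>['"])(?P<value>.*?)(?P=q)\s*\)\s*;""",
    re.MULTILINE)

def scan_text(php_source):
    """Return {constant: 'default' | 'hardcoded'} for each key set to a literal."""
    findings = {}
    for m in DEFINE_RE.finditer(php_source):
        if m["name"] in KEYS:
            status = "default" if m["value"] == DEFAULT else "hardcoded"
            findings[m["name"]] = status
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {relative path: findings}."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*.php")):
        found = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

def mode_ok(path, expected=0o644):
    """True when the file's permission bits equal the expected mode (0644)."""
    return (Path(path).stat().st_mode & 0o777) == expected

# Constructed sample input, not a real configuration file.
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY',        'put your unique phrase here' );
define('SECURE_AUTH_KEY', "constructed-sample-value-not-a-real-key");
// define( 'NONCE_KEY', 'commented out, so ignored' );
"""

if __name__ == "__main__":
    for name, status in scan_text(SAMPLE_WP_CONFIG).items():
        print(f"{name}: {status}")
```

Point `scan_tree()` at the site root to list every file that still holds a literal key, including other « Must Use » plugins.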