WordPress Security Key Generator - Secure Salts & Auth Keys
Generate unique, cryptographically strong WordPress security keys and salts locally in your browser. Secure your wp-config.php file without server transmission.
// Click 'Generate' to create keys...About
This tool generates the authentication keys and salts required for the wp-config.php file. These keys add a layer of cryptographic randomness to user cookies and passwords stored in the database. Changing these keys invalidates all existing login sessions, forcing every user to log in again - a critical step if you suspect a site compromise.
Unlike online generators that might log your keys, this tool runs entirely in your browser using window.crypto. Your unique keys are mathematically generated locally and never transmitted over the network, ensuring zero-knowledge privacy.
Formulas
The strength of a password or key is defined by its entropy (measured in bits). The WordPress keys generated here utilize a character set S of 85 safe ASCII characters.
Where L = 64 (length of string) and N = 85 (character set size). This results in approximately 410 bits of entropy per key, far exceeding the cryptographic requirement for brute-force resistance.
Reference Data
| Constant Name | Function | Risk Level |
|---|---|---|
| AUTH_KEY | Used to sign authorization cookies for non-SSL admin pages. | High |
| SECURE_AUTH_KEY | Used to sign authorization cookies for SSL admin pages. | Critical |
| LOGGED_IN_KEY | Used to create a cookie for a logged-in user. | Medium |
| NONCE_KEY | Used to sign nonces (tokens) to protect against CSRF attacks. | High |
| AUTH_SALT | Adds entropy to the AUTH_KEY hash. | High |
| SECURE_AUTH_SALT | Adds entropy to the SECURE_AUTH_KEY hash. | Critical |
| LOGGED_IN_SALT | Adds entropy to the LOGGED_IN_KEY hash. | Medium |
| NONCE_SALT | Adds entropy to the NONCE_KEY hash. | High |