Server & DevOps
WordPress Security Keys Generator
Generate a fresh set of the eight WordPress secret keys and salts (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and their salts) for your wp-config.php. Created with your browser’s secure RNG and never sent to a server — rotate them any time to force-log-out attackers.
Loading tool…
Need reliable hosting, a domain, or a hand setting this up?
Get a free quote →About the WordPress Security Keys Generator
The WordPress Security Keys Generator produces a fresh set of the eight secret keys and salts WordPress uses to secure logins and cookies — AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and their four matching salts. Copy the ready-formatted define() lines straight into your wp-config.php. Each key is 64 characters of high-entropy randomness generated by your browser's secure RNG and never sent anywhere.
This free tool by Hosting Cambodia is a must after any security scare: rotating these keys instantly invalidates every stolen session cookie and forces all users to log in again, locking out an attacker who grabbed a session.
Frequently asked questions
What happens when I change these keys?
Everyone currently logged in — including you — is logged out and has to sign in again. Nothing else breaks: posts, settings and passwords are untouched. It's a safe, quick way to invalidate stolen sessions.
How often should I rotate them?
There's no fixed schedule, but rotate them immediately after any suspected compromise, when handing a site to a new owner, or if the keys were ever exposed. Otherwise, occasional rotation is good hygiene.
Are the keys generated securely?
Yes. They're built from the browser's crypto.getRandomValues (a cryptographically secure source) and generated entirely on your device — nothing is transmitted to any server.
Explore the full free web tools toolbox by Hosting Cambodia.