This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

WP Auto Salts


Lightweight plugin to add some extra security to WordPress.
WP Auto Salts will renew the security salts and keys in wp-config.php on a weekly interval.

NOTE: Make sure the keys and salts in your wp-config.php are between the original markers /**#@+ and /**#@-*/ or between # BEGIN WP Auto Salts and # END WP Auto Salts (on new lines) or WP Auto Salts won’t work.

Please keep in mind that WP Auto Salts is still beta software.
If you have any issues using WP Auto Salts, find a bug or have an idea to make the plugin even better then please help to improve WP Auto Salts.
If you don’t report it, I can’t fix it!


  • wp-config.php before
  • wp-config.php after


  1. Upload the wp-auto-salts folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. No need to configure, it just works!


After installing WP Auto Salts, I immediately got logged out

Thats’s normal behaviour and actually a good thing. WP Auto Salts will try to renew the security keys and salts on activation of the plugin.
This will immediately invalidate all existing cookies and force all users to have to log in again.

I installed WP Auto Salts, but nothing changes in wp-config.php

WP Auto Salts looks for the beginning /**#@+ and ending /**#@-*/ in your wp-config.php and replaces everything between it.

 * Authentication Unique Keys and Salts.
 * Change these to different unique phrases!
 * You can generate these using the {@link secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 * @since 2.6.0
define('AUTH_KEY', 'your unique phrase here');
define('SECURE_AUTH_KEY', 'your unique phrase here');
define('LOGGED_IN_KEY', 'your unique phrase here');
define('NONCE_KEY', 'your unique phrase here');
define('AUTH_SALT', 'your unique phrase here');
define('SECURE_AUTH_SALT', 'your unique phrase here');
define('LOGGED_IN_SALT', 'your unique phrase here');
define('NONCE_SALT', 'your unique phrase here');


If these markers are not there, WP Auto Salts does not work.

You can also make WP Auto Salts work by putting the keys and salts between # BEGIN WP Auto Salts and # END WP Auto Salts :

`# BEGIN WP Auto Salts
define(‘SECURE_AUTH_KEY’, ‘your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘your unique phrase here’);
define(‘NONCE_KEY’, ‘your unique phrase here’);
define(‘AUTH_SALT’, ‘your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘your unique phrase here’);
define(‘NONCE_SALT’, ‘your unique phrase here’);

END WP Auto Salts`
I installed WP Auto Salts and checked that the markers are there, but still nothing changes in wp-config.php

It is not possible for WP Auto Salts to write to wp-config.php. This can be caused by having a wrong ‘file owner’ on the server.
Typically, all files should be owned by your user (ftp) account on your web server, and should be writable by that account. On shared hosts, files should never be owned by the webserver process itself (sometimes this is www, or apache, or nobody user).
Please (contact your hosting company and have them) reset the file owner.


There are no reviews for this plugin.

Contributors & Developers

“WP Auto Salts” is open source software. The following people have contributed to this plugin.


Translate “WP Auto Salts” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Beta release