Your WordPress site has a cool little feature called “Security Salts” that I set regularly for our WordPress Maintenance (or Hoshu) customers.
It helps you encrypt passwords, cookies, etc. by mixing in a complicated set of characters together with crucial login data.
These settings really help preventing hackers from stealing your login credentials. But I’ve found that many WordPress sites don’t make use of this simple but powerful feature.
I have also found that even without using some special security plugin, many sites do have their salts set. This says to me that it could be based on the server’s “quick install” settings.
So don’t leave it up to luck! If you want to check whether your salts are set, you can find them in the wp-config.php file. To find it you’ll have to use FTP or your server control panel’s file manager.
You will have to be careful though, because these are crucial files. If they are changed or erased, your WordPress site will break.
