Data Security

Better WordPress Security

The above video is about WordPress Security keys and how to better secure your website by changing the standard default keys.  There are 8 security keys that are placed in your “wp-config.php” file during the installation and creation of your WordPress site. The video is a little long, but it is thorough. Take what you can from it and ignore the rest.

DIY WordPress Security Fix

I am part of the “Chicago WordPress MeetUp Group“. During one of our meetings, we discussed 3 ways to improve your WP website security. When done right after your WordPress installation, they help prevent your WordPress website/blog from being compromised by a would be hacker.

The three suggestions are shown below in the order he mentioned:

1. Change your WP Security Keys

2. Change Your Table Prefix in WordPress

3. Changing the Default WP Username “Admin” and creating strong passwords

This article shows you how to do suggestion #1 – How to change your WP security keys.

Note: This is not for the faint of heart. If you are not comfortable doing this, then don’t. Get someone else to do this for you. Also don’t ever make changes to your WordPress site without first creating a back up.

Changing WordPress Security keys – Step 1

This is referring to the 8 WordPress security keys that are placed in your “wp-config.php” file during the installation (see below). The “wp-config.php” file contains the configuration information for access to your database and also various log-in information. it is located in the root directory of your WordPress installation. this is the file you will need to edit to better secure your site.

There are 8 WordPress security keys, you will need to change (see below).


There is a Random Security Code generator at the following url: It will be in the “Security Keys” section near the bottom of the page.

There will be a blue link titled “the online generator” (see below).

WordPress Online Generator Link

By clicking on this link, a random set of WordPress security keys will be generated. You will want to copy all of those records substitute those 8 keys with the original ones that were created during installation.

Changing WordPress Security keys – Step 2

To complete this step, you will need to have access to the server and eventually the directory folders where your installation of WordPress is stored.  This will require you to know your username/domain-name and the password.  Type the website address URL of the website you need to access. Now type in your log in credentials.  You should now be at your admin panel or cPanel.

Note: Depending on the hosting service, the screen will vary. For this example we are using a cPanel access of a website that is being hosted by  BlueHost is one of the best hosting companies in the world. Well that’s my opinion and thousands of others.

You need to navigate down to the files section and select the “File Manger” icon.  Select the website where WordPress is installed and click OK.  locate and open the the “wp-config.php” file by highlighting it and selecting edit in the cPanel. Depending on the type of installation you have performed the file may be in your root (main) folder of might be part of a sub-folder installation.

Changing WordPress Security keys – Step 3

Scroll down to the security section and replace the security codes in the file with the ones you copied to notepad.  save your file and verify that you can still see your website  and whether or not you can log into the admin panel.  If you have done everything correctly then you should have no problems.


My advice to you is to restore the “wp-config.php” file with the one you backed up and try again.  GOOD LUCK!

Learn More About WordPress!

Check out our WordPress Tutorials & WordPress Admin Guide

Was this Article helpful?

If this article was helpful, then consider doing the following:


Optimized by Optimole