If I change the salt keys in my wp-config will all passwords break?

No the passwords won’t break (those are in the database and aren’t changed by changing the salt). However all logged-in users will have to login again.

More on Salts here.

Note: Updating your keys & salts will force all logged in users to log in again, because changing them automatically invalidates the login of any user logged in to the site. For example, if you have any suspicions of a hack, updating your security keys and salts will force the logout and reauthentication of all logged in users.

And a very good, and much more technical explanation here.

The salt gives your logins an extra layer of security, as they are added to the cookie the user gets when he/she logs in. Without the salt, the username and password are much easier to crack/guess/hack.

Feel free to change the salts often, some say every 30 days for added security, though personally I don’t change them this often.

Related Posts:

  1. Safe to store SMTP password in wp-config.php?
  2. How secure is a wp-config file?
  3. wordpress redirect after password reset
  4. Loosen/disable password policy
  5. Password protecting a page
  6. How to save Admin FTP password
  7. Bypass password protected posts via GET variable
  8. How to add Wp_error using lostpassword_post hook when validating custom field?
  9. Why do generated passwords start/end with spaces?
  10. Duplicate hash method for password in .NET
  11. Hide password protected posts
  12. Access code/password only restricts page access, no user registration..?
  13. PasswordHash not found in namespace
  14. Force all users in MU to change their passwords
  15. Check Password Reset Key Not Woking
  16. Reset password – set minimum length for new password
  17. How to shorten length of auto generated password sent during registration?
  18. Forgot password not working
  19. wp_hash_password unexpected behaviour
  20. Password reset message – change the network_home_url( ‘/’ )
  21. Lost password link is redirecting to /shop/my-account/lost-password/
  22. WordPress: force users to change password on first login
  23. Can’t login to wordpress despite changing password to something known directly in MySQL or using “Password Reset by Email” feature
  24. Change default recovery link expiration time
  25. Lost password link redirects to my-account/lost-password/,how to fix it back to default lost password
  26. Password protect custom template
  27. Set content type to HTML for lost password email only
  28. Custom password generator for users
  29. Where is the reset password key stored/generated?
  30. How validate usernames/passwords against WP’s database?
  31. Make post password required to publish
  32. Add error message on password protected pages
  33. User password field is empty
  34. Password reset bug? – “Sorry, that key does not appear to be valid”
  35. Get plain password on register
  36. post_password_required() not recognizing cookie set with correct password
  37. Is there any point setting the keys and salts in wp-config.php?
  38. Password protect the site (without htaccess or membership)
  39. Password Protected page not asking for a password
  40. I would like to password protect my entire WordPress site (ip validated), except for one page
  41. Password protection for page template
  42. Custom login form for front-end user as well as admin
  43. how to remotely check a username / password from within a plugin
  44. Password changed [duplicate]
  45. Adding parameters to password reset key
  46. wp_hash_password create a different hash everytime
  47. Custom password form allows unlock two posts with the same password
  48. How to change password
  49. How do I transfer user passwords from one WordPress site to another?
  50. password recovery key is invalid on custom reset
  51. Password Protected Post is invisible until you login
  52. Send password to user instead of reset password link
  53. Protect Passwords in wp_users with stronger protection than MD5
  54. How to Remove or Deactivate “Application Passwords” in WordPress
  55. What’s the algorithm to verify user password?
  56. How to change “Reset Password” text on submit button
  57. How to recover password from a user
  58. resend user login & password with custom button
  59. How to show my wordpress admin username & password?
  60. Why does hashing a password result in different hashes, each time?
  61. how to encyrpt DB_PASSWORD in wp-config
  62. Can’t alter $lostpassword_url
  63. current user’s password check
  64. How to read third party cookie to access password protected pages
  65. Ask logged in user to re-enter password to access page “x”
  66. Password Protect or IP to access under development WordPress site otherwise shown a placeholder page
  67. Password protected sites
  68. 2 accounts under same email preventing me from loging in
  69. How would I create a Password Protected Page with Content on it?
  70. Site only for users authenticated by different PHP application
  71. wordpress custom password change problem
  72. Allow all reset password links within the past 24 hours to be valid and accepted
  73. WooCommerce Lost Password reset goes to 404
  74. I need help with wp_lostpassword, wp_register and wp_login_form
  75. I can’t recover my password
  76. Frontend custom forgot password page
  77. Cannot get function.php code to work to remove Lost Password link on live site
  78. Password Protect content() on homepage
  79. Function called by password_reset action passed only 1 argument instead of 2 in PHP 7.2.11
  80. How to set password from frontend if have activation key and user login in url in wordpress?
  81. Allow users from my ASP.Net MVC site to access my private WordPress site
  82. WordPress Protected Page Redirects to PDF
  83. Bypass a WordPress Password Protected Post or Page via a URL
  84. Custom page password recovery
  85. Can I use core passworded page/post functions outside of wp-login.php?
  86. Is it possible to display newly generated password after wp_generate_password()?
  87. Password protect wp-login.php
  88. forgot password
  89. mysql update user’s password and activation key
  90. Is it possible to have users register without having a password?
  91. Password Protection for posts and pages [duplicate]
  92. How WordPress hashes passwords
  93. Reset Password – change from name and email address. It stucks at admin. Want to change it to info
  94. WordPress reset password button not working
  95. Override the default password length when creating or updating a user profile
  96. Why can’t I create an Application Password?
  97. FTP Password (not private key-value pair) for EC2 Instance
  98. How to Disable Pre-population of Password on Password Reset
  99. Bypass a WordPress Password Protected Page via url
  100. My WordPress password for admin account is changing automatically

Leave a Comment