Lee Odden

Keep your blog secure by adding in security keys.

Lee Odden     Blogging Strategy

SecurityKeeping your blog secure is extremely important these days. So much so that new installs of WordPress ask the user to create four security keys. These keys help ensure that the cookies placed in your browser when logged in are not easily de-coded by would be hacker sites. Some pre-existing installs of WordPress may only have one or two security keys while others may have none.

“Beginning with Version 2.6, three (3) security keys, AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY, were added to insure better encryption of information stored in the user’s cookies. Beginning with Version 2.7 a fourth key, NONCE_KEY, was added to this group.

You don’t have to remember the keys, just make them long and complicated or better yet, use the online generator. “

If you have been using WordPress for a while, you may not have these keys in place and this could cause security issues. It’s a simple fix though.

WordPress has a tool to randomly generate the four keys. You can get yours at:

Once you have them, open up your wp-config.php file and past them in. If you have one or two security keys already you can either replace them or just add in the new ones.

Save the file, re-upload it and you’re done.

You’ll probably have to re-login to your blog, but the security keys will now be in place and can help give you peace of mind.

Keep in mind however that these are only one part of having a secure blog. Other things to keep in mind are:

  • Use strong password for your blog login.
  • Use strong password for your hosting login.
  • Use strong password for your database login.
  • Only using plugins that you can trust.
    • Research a plugin before installing it to see what other say.
  • Never give out your passwords.
  • Keep your blog software & plugins up-to-date. 

If you want to test out your password, Microsoft has a nice password checker tool that is free to use.

What other suggestions do you have to help keep a blog secure?

PoorSo SoOKGoodAwesome (No Ratings Yet)

Lee Odden About Lee Odden

@LeeOdden is the CEO of TopRank Marketing and editor of Online Marketing Blog. Cited for his expertise by The Economist, Forbes and the Wall Street Journal, he's the author of the book Optimize and presents internationally on B2B marketing topics including content, search, social media and influencer marketing. When not at conferences, consulting, or working with his talented team, he's likely running, traveling or cooking up something new.


  1. Thanks, nice post. I have a bunch of WP sites that this could help with!

  2. Great tips. Here’s another set of tips directly related to passwords: http://www.6x57f.th8.us

  3. Good additions to keep your WP blog from getting hacked is to use difficult naming conventions with your database. Also change the table prefix in the database.

    Human tests are good for comment areas and account creations.

    Also to keep from being spammed you can check the referring URL on admin pages and comment pages to make sure they aren’t filling out php files from outside the site.