WordPress Salt Generator
Generate WordPress secret-key constants (AUTH_KEY and others) in batch and output them in a format ready for wp-config.php.
Status
Runs in your browser. No input is sent to a server.
How to use
Set desired length and click Generate. Replace existing key constants in `wp-config.php` with the output.
Notes (this tool)
- Create a backup before applying keys in production.
- Users may need to log in again after rotating keys.
About this page
What does this tool do?
Generates all 8 WordPress secret constants used for authentication and cookie protection from secure random values.
Output is in `define(...)` format, so you can paste it directly into `wp-config.php`.
What this tool does
- Generate AUTH_KEY through NONCE_SALT in one run
- Regenerate with custom length
- Copy a wp-config.php-ready snippet
Operational workflow
- Generate on fresh setup or suspected key leak
- Replace existing 8 constants with new values
- Confirm login/session behavior after replacement
Notes
- Updating these constants can invalidate existing login sessions.
- Generated values are secrets. Do not paste them into public repositories or shared chats.
Referenced specs
- WordPress Developer Resources (wp-config.php / security keys)
- W3C Web Crypto API
FAQ
How is this different from the WordPress.org secret-key service?
This page generates values locally in your browser. Use it when you want keys without sending data outward.
When should I rotate these keys?
Key times include suspected leaks, admin handovers, and post-incident hardening.
References
Next to view (diagnostic order)
These links are generated from site_map rules in recommended diagnostic order.
- WP Security Checklist Builder — Generate security operation checklists for WordPress
- Hash / HMAC Generator — Generate SHA-family hashes and HMAC values
- htpasswd Generator — Generate username:hash lines for .htpasswd
- Token Format Checker — Infer JWT/UUID/Hex/Base64URL candidates from input text
- Random Password — Generate random passwords with length, charset, and exclusion options
- Password Seed Generator — Derive reproducible passwords from seed and constraints
- Random Token Generator — Generate random tokens with selectable byte size and encoding
- URL Safe Random — Generate random strings using URL/filename-safe characters
Same-theme links
Security Operations
Generate practical passwords, tokens, and operation checklists quickly
- Random Password — Generate random passwords with length, charset, and exclusion options
- Password Seed Generator — Derive reproducible passwords from seed and constraints
- Random Token Generator — Generate random tokens with selectable byte size and encoding
- URL Safe Random — Generate random strings using URL/filename-safe characters
- Password Policy Generator — Create policy text and validation regex from requirements
- Token Format Checker — Infer JWT/UUID/Hex/Base64URL candidates from input text
- .env Diff Checker — Compare .env added/removed/changed keys
- Hash / HMAC Generator — Generate SHA-family hashes and HMAC values
- htpasswd Generator — Generate username:hash lines for .htpasswd
- WP Security Checklist Builder — Generate security operation checklists for WordPress