wp_salt( string $scheme = 'auth' )

Get salt to add to hashes.

Contents

Description Description

Salts are created using secret keys. Secret keys are located in two places: in the database and in the wp-config.php file. The secret key in the database is randomly generated and will be appended to the secret keys in wp-config.php.

The secret keys in wp-config.php should be updated to strong, random keys to maximize security. Below is an example of how the secret key constants are defined. Do not paste this example directly into wp-config.php. Instead, have a secret key created just for you.

define('AUTH_KEY',         ' Xakm<o xQy rw4EMsLKM-?!T+,PFF})H4lzcW57AF0U@N@< >M%G4Yt>f`z]MON');
define('SECURE_AUTH_KEY',  'LzJ}op]mr|6+![P}Ak:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGEnfFz|f ;;eU%/U^O~');
define('LOGGED_IN_KEY',    '|i|Ux`9<p-h$aFf(qnT:sDO:D1P^wZ$$/Ra@miTJi9G;ddp_<q}6H1)o|a +&JCM');
define('NONCE_KEY',        '%:R{[P|,s.KuMltH5}cI;/k<Gx~j!f0I)m_sIyu+&NJZ)-iO>z7X>QYR0Z_XnZ@|');
define('AUTH_SALT',        'eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW');
define('SECURE_AUTH_SALT', '!=oLUTXh,QW=H `}`L|9/^4-3 STz},T(w}W<I`.JjPi)<Bmf1v,HpGe}T1:Xt7n');
define('LOGGED_IN_SALT',   '+XSqHc;@Q*K_b|Z?NC[3H!!EONbh.n<+=uKR:>*c(u`g~EJBf#8u#R{mUEZrozmm');
define('NONCE_SALT',       'h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_ksP@&`+AycHcAV$+?@3q+rxV{%^VyKT');

Salting passwords helps against tools which has stored hashed values of common dictionary strings. The added values makes it harder to crack.

Parameters Parameters

$scheme

(string) (Optional) Authentication scheme (auth, secure_auth, logged_in, nonce)

Default value: 'auth'

Top ↑

Return Return

(string) Salt value

Top ↑

Source Source

File: wp-includes/pluggable.php

2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
function wp_salt( $scheme = 'auth' ) {
    static $cached_salts = array();
    if ( isset( $cached_salts[ $scheme ] ) ) {
        /**
         * Filters the WordPress salt.
         *
         * @since 2.5.0
         *
         * @param string $cached_salt Cached salt for the given scheme.
         * @param string $scheme      Authentication scheme. Values include 'auth',
         *                            'secure_auth', 'logged_in', and 'nonce'.
         */
        return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
    }
 
    static $duplicated_keys;
    if ( null === $duplicated_keys ) {
        $duplicated_keys = array( 'put your unique phrase here' => true );
        foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
            foreach ( array( 'KEY', 'SALT' ) as $second ) {
                if ( ! defined( "{$first}_{$second}" ) ) {
                    continue;
                }
                $value                     = constant( "{$first}_{$second}" );
                $duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] );
            }
        }
    }
 
    $values = array(
        'key'  => '',
        'salt' => '',
    );
    if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) {
        $values['key'] = SECRET_KEY;
    }
    if ( 'auth' == $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) {
        $values['salt'] = SECRET_SALT;
    }
 
    if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) ) ) {
        foreach ( array( 'key', 'salt' ) as $type ) {
            $const = strtoupper( "{$scheme}_{$type}" );
            if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) {
                $values[ $type ] = constant( $const );
            } elseif ( ! $values[ $type ] ) {
                $values[ $type ] = get_site_option( "{$scheme}_{$type}" );
                if ( ! $values[ $type ] ) {
                    $values[ $type ] = wp_generate_password( 64, true, true );
                    update_site_option( "{$scheme}_{$type}", $values[ $type ] );
                }
            }
        }
    } else {
        if ( ! $values['key'] ) {
            $values['key'] = get_site_option( 'secret_key' );
            if ( ! $values['key'] ) {
                $values['key'] = wp_generate_password( 64, true, true );
                update_site_option( 'secret_key', $values['key'] );
            }
        }
        $values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] );
    }
 
    $cached_salts[ $scheme ] = $values['key'] . $values['salt'];
 
    /** This filter is documented in wp-includes/pluggable.php */
    return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
2.5.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/pluggable.php: wp_generate_password()

Generates a random password drawn from the defined set of characters.
wp-includes/pluggable.php: salt

Filters the WordPress salt.
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.
wp-includes/option.php: update_site_option()

Update the value of an option that was already added for the current network.
wp-includes/option.php: get_site_option()

Retrieve an option value for the current network based on name of option.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.