Adding an additional layer of security

533311013

Security is key when it comes to protecting your WordPress site.

Here at Standard Beagle, when we develop a new WordPress site, we integrate the iThemes Security plug-in as part of our base plugin package.  We feel this is plugin is among the best in keeping your sites secure.  iThemes Security has upped the ante in their latest update.  Now users are able to go into their WordPress dashboard and update their authentication keys without having to mess with your code!

 Why does this matter?

To better protect the login information stored in your WordPress cookies, WordPress includes these secret authentication keys and salts in your wp-config.php file.  Basically, these are additional passwords for your site that are long, random and complicated—so they’re nearly impossible to break. They are also a headache to generate and update on the back-end of your website because it requires actually going into your code and manually changing these keys.

The new update will remind you to change your keys and salts every 30 days.  To do this,  you simply log into your WP dashboard and hit the Advance tab in the Security module and click the “Change WordPress Salts” button and viola,  it’s done!

salts
By changing these keys, it will force every single user to log-in again.  So even if you have people who use the “remember me” tool in their browser, they will have to log back in and re- authenticate their computer.  This is especially handy if someone accidentally used the “remember me” option on a shared or public computer.