Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
April 19, 2018 02:07 pm

Auto-Update Your WordPress Salts With WP-Salts-Update-CLI

Raise your hand if you manage more than five WordPress sites. Keep it raised if the number exceeds ten. WordPress security is a primary concern for all site owners, and it becomes even more grave if you have multiple sites to take care of. Because you cannot monitor all the sites all the time, you need a quick and easy fix to protect your sites from brute force attacks.

WordPress security keys and salts offer a robust solution to harden your site security. They play a significant role in securing site cookies and stopping hackers from accessing your site. 

Changing salts (manually or via an online key generator) for every single website can be time-consuming. So what if I tell you that you can update your WordPress salts for all your sites in a few seconds? Yes, it is possible! Today, I'll share the incredible WP-Salts-Update-CLI, which can help you update your salts in a jiffy.

In this post, I am going to discuss a few basics about WordPress salts and how this CLI works. Let's begin!

Security Keys & Salts in WordPress

In WordPress version 2.6, security keys and salts were introduced as authentication variables to improve the security of your login credentials. They add protection to your site's username and password, which get stored in the user’s cookies. They are found in the wp-config.php of every website right below the database credentials.

At present, four different security keys exist: AUTH_KEYSECURE_AUTH_KEYLOGGED_IN_KEY, and NONCE_KEY

Each security key has a corresponding salt too. These salts are AUTH_SALTSECURE_AUTH_SALTLOGGED_IN_SALT, and NONCE_SALT

Here's a screenshot of the wp-config.php from one of my demo websites.

WP Security Keys  Salts


WP-Salts-Update-CLI

WP-Salts-Update-CLI (WPSUCLI) provides an automated solution to update WordPress salts through a CLI. WPSUCLI downloads new salts from the WP API and replaces them with the ones in your wp-config.php file for every site on your server. 

You can see the complete code in the project GitHub repo. Here is the main loop:

This works by first finding every wp-config.php file in the directory subtree, starting with the current working directory. Then, it downloads the new salts, adds them to the wp-config.php file, and cleans up the temporary files.

Getting Started!

Open a command line terminal (I prefer iTerm2) and run the following command in the root of your server.  I am installing it in my local Mac environment to update the salts of my site's local images, which I will sync via SFTP later.

This command will perform the following actions:


  • Use sudo permissions.

  • Use wget to download WPSUCLI and rename it to wpsucli.

  • Make the wpsucli executable.

  • Install the script.

The last part—&& sudo install ./wpsucli /usr/local/bin/wpsucli—is meant to install this script in macOS. You can ignore this in other environments. It installs wpsucli inside the /usr/local/bin/ folder.

Usage


  • Just run wpsucli and it will update the salts for every wp-config.php file on your server or PC.

  • If you are running it on your server then run it from the root folder, i.e. first cd / and then run wpsucli.

If for some reason the script doesn't work, you might want to check the output of the command find . -name wp-config.php -print. As we saw above, this is the same find command that is used in the script. It should print the paths for all the wp-config.php files present in your current directory or directories within it. If it doesn't display the paths, then you're probably starting in the wrong folder! Try going to your user folder or the root—cd ~ or cd /—and running wpsucli again.

Final Results

Before I run these commands to show how this CLI works, let me show the current salts of one of my wp-config.php files.

After running the commands in my iTerm, I was notified about updating salts with the following:

WP Salts CLI

Now if I look at the salts, they have been entirely changed.

It is that simple!

Your Turn

Now it’s your turn to try this CLI and update your WordPress salts with WP-Salts-Update-CLI. If you have any issues, make sure you report them on GitHub. Pull requests are more than welcome.

Have you tried this out? Let me know about your experience. Drop in your feedback in the comments section below.


Original Link:

Share this article:    Share on Facebook
No Article Link

TutsPlus - Code

Tuts+ is a site aimed at web developers and designers offering tutorials and articles on technologies, skills and techniques to improve how you design and build websites.

More About this Source Visit TutsPlus - Code