Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Function Reference/wp salt


This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.

Get salt to add to hashes to help prevent attacks.

The secret key is located in two places: the database in case the secret key isn't defined in the second place, which is in the wp-config.php file. If you are going to set the secret key, then you must do so in the wp-config.php file.

The secret key in the database is randomly generated and will be appended to the secret key that is in wp-config.php file in some instances. It is important to have the secret key defined or changed in wp-config.php.

If you have installed WordPress 2.5 or later, then you will have the SECRET_KEY defined in the wp-config.php already. You will want to change the value in it because hackers will know what it is. If you have upgraded to WordPress 2.5 or later version from a version before WordPress 2.5, then you should add the constant to your wp-config.php file.

Salting passwords helps against tools which has stored hashed values of common dictionary strings. The added values makes it harder to crack if given salt string is not weak.


<?php wp_salt$scheme ?>


(string) (optional) Type of salt you would like to recall. Accepts: 'auth', 'secure_auth', 'logged_in', and 'nonce'
Default: 'auth'

Return Values

Salt value from either 'SECRET_KEY' or 'secret' option



Change Log

Since: 2.5

Source File

wp_salt() is located in wp-includes/pluggable.php.


See also index of Function Reference and index of Template Tags.