WordPress Salts Extended – New AIOS WordPress Security Feature

By TeamUpdraft Posted Category Company news Topics All-In-One-Security, Announcements,

WordPress uses random strings of characters within passwords, called ‘Salts’, to make it difficult for attackers to crack passwords and gain access to your WordPress site.

In release 5.1.6 of the AIOS WordPress Security Plugin, we’ve expanded this WordPress feature and added it to the free and Premium versions of AIOS, to provide you, our customers, with even more protections against malicious users.

Simply put, storing login passwords in plain text is bad. If someone were to steal your database they’d have access to your users’ passwords. WordPress ‘hashes’ passwords which means it transforms the existing characters into another value, so they can’t be read.

But, hashing on its own isn’t enough.

If two users had the same password, it would create the same hash, meaning if the attacker knew one password, they’d know the other ones too.

That’s where WordPress ‘Salts’ come in.

Salts are unique random strings which are attached to the hashed password. If two users had the same password, they would still have a different hash, thanks to WordPress Salts.

How does AIOS expand the WordPress Salt Feature?

Section titled How does AIOS expand the WordPress Salt Feature?

A new feature in AIOS 5.1.6 adds 64 extra characters to the existing salts and changes it weekly.

Short WordPress salts means an attacker could precompute a table of every possible salt appended to every likely password. Adding extra characters makes calculating salt variations pretty tricky. Giving them less than a week to do it makes it virtually impossible.

The AIOS WordPress Salts feature is available now in All-In-One Security 5.1.6, adding to the already extensive suite of login security features.

For more information about feature-rich AIOS, visit our Features page or get AIOS now.

Does this feature change my password?

Your password will continue to work as normal. Salting happens behind the scenes.

How do I use the AIOS WordPress Salts feature?

To enable this extra security, we suggest you first let all users know that they are about to be logged out so that they can save their work.

We also recommend taking a backup using a WordPress Backup Plugin such as UpdraftPlus. This is good practice when making changes to anything within your WordPress plugins (and themes too).

Then, within your WordPress Dashboard:

  • go into the WP Security section,
  • then to Miscellaneous.
  • Within the Salt tab, check ‘Enable salt postfix’.
  • Press the Save settings button, and you’re done.
In WP Security navigate to 'Miscellaneous' section and select 'Salt' tab to add salt postfix and select 'Enable salt postfix'

About the author

Team Updraft Logo with dark background

TeamUpdraft

Our team consists of WordPress developers, marketers, and industry experts committed to providing you with the resources and skills you need to succeed online. Whether you’re just starting out or seeking advanced strategies, we’re here to enhance your WordPress journey and support you at every stage.

AIOS

Comprehensive, feature-rich, security for WordPress. Malware scanning, firewall, an audit log and much more. Powerful, trusted and easy to use.

From just $70 for the year.

More stories

Our plugins

Try TeamUpdraft’s full suite of WordPress plugins.

  • UpdraftPlus

    Back up, restore and migrate your WordPress website with UpdraftPlus

  • WP-Optimize

    Speed up and optimize your WordPress website. Cache your site, clean the database and compress images

  • UpdraftCentral

    Centrally manage all your WordPress websites’ plugins, updates, backups, users, pages and posts from one location