Salt Shaker


By using Salt Shaker plugin, you’ll be able to harden your WordPress security. It allows you to change the salt keys either manually or automatically.

Try it out on a free dummy site:
Click here and you’ll get the chance to see it in action →

Why Use SALT Keys in WordPress?

When you log in to WordPress, you have the option to remain logged in long-term. To achieve this, WordPress stores your login data in cookies instead of in a PHP session. Malicious individuals can hijack your cookies through various means, leaving your website vulnerable.

To make it harder for attackers to use cookie data, you can take advantage of SALT keys. WordPress SALT keys encrypt your password, making it harder to guess. What’s more, it’s next to impossible for hackers to simply ‘unscramble’ the result in order to get at the original password.

Read more on WPEngine Blog

What people says about Salt Shaker

Elgenat Themes

Tevreden over Salt Shaker? Beoordeel de plugin met 5 sterren.

Salt Shaker Features

  • Verhoog de veiligheid van je WordPress installatie.
  • Eenvoudig te gebruiken – installeer het en vergeet het – met een minimum aan stellingen.
  • Manual and immediate WP security keys and salts changing.
  • Set automated schedule for keys and salts change.


Feel free to fork the project on GitHub and submit your contributions via pull request.


  • Plugin instellingen


  1. Upload de salt-shaker folder naar de /wp-content/plugins/map.
  2. Activeer de plugin via het Plugins menu in WordPress.
  3. Ga naar het Tools > Salt Shaker menu om de plugin te configureren.


Nothing happens?

Make sure that wp-config.php file has the salt keys. If for any reason the keys aren’t there; you can always generate a set of keys from this link and add it to your wp-config.php file. Once that’s done, the plugin will be able to shake them based on your settings.

Plugin werkt niet of hapert?

Omschrijf het probleem gedetailleerd op het support forum en wij gaan aan de slag om het op te lossen.

Custom wp-config.php location?

You can use this filter to define the file location salt_shaker_salts_file. Example:
In this example, the new location of the config file is in a folder that’s outside WordPress location in a folder called wpsecret. Make sure to replace it with your secret location 😉

function salt_shaker_new_file($salts_file_name) {
    $salts_file_name = '../wpsecret/wp-config';
    return $salts_file_name;

add_filter('salt_shaker_salts_file', 'salt_shaker_new_file');


18 mei 2023 1 reactie
Reviewed the changelog before installing, glad file permissions are now left alone, confirmed, all working as expected. Great plugin, thanks! 5-Stars!
9 maart 2023
This is a simple, elegant and yet powerful addition to any security you might already have on your site/sites. I have been the victim of cookie hijacking. It wasn't a pleasant experience! This plugin ensures you and your team log out according to a fixed schedule resulting in a fresh cookie when you log back in. Indispensable!
28 februari 2023
This plugin (Salt Shaker) is amazing, and every WP website needs it. Use this plugin to keep your website secure.<gwmw style="display:none;"></gwmw>
Lees alle 25 beoordelingen

Bijdragers & ontwikkelaars

“Salt Shaker” is open source software. De volgende personen hebben bijgedragen aan deze plugin.


“Salt Shaker” is vertaald in 5 talen. Dank voor de vertalers voor hun bijdragen.

Vertaal “Salt Shaker” naar jouw taal.

Interesse in ontwikkeling?

Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.



  • Minor bug fixes.
  • Updated Freemius SDK.


  • Quick fix for the wp-salt file path.


  • WordPress 6.2 compatibility.
  • Support for wp-salt files.
  • Introducing Salt Shaker PRO.


  • WordPress 6.1 compatibility.


  • WordPress 6.0 compatibility.
  • Fix an issue with the AUTH_KEY and AUTH_SALT keys not being changed.


  • Tested with WordPress 5.9.


  • WordPress 5.8 compatibility.


  • WordPress 5.7 compatibility.


  • WordPress 5.5 compatibility.


  • WordPress 5.4 compatibility.
  • Replacing some functions with standard WP functions.


  • Enhanced internationalization.
  • Compatibel met WordPress 5.3


  • Keeping the original permissions of the config file.
  • Performance improvement


  • Changing the config permission to 0640
  • Added: filters for additional salts


  • Getest met WordPress 5.1
  • Added: link to the settings page from the plugins page.
  • Added: redirect to the login page after the immediate change action.
  • Added: check if wp-config.php is writable. How the heck this was missing?!
  • Added: Filter to define a custom salts file. salt_shaker_salts_file


  • Tested with the upcoming WordPress 5.0
  • #11 – Added more interval times, quarterly and bianually.
  • Fixed an issue with wp-config being in outside the root directory.
  • Fout hersteld in updaten cron-taak. Oude (vorige) cron-taak wordt nu verwijderd.


  • Getest met WordPress 4.9
  • #9 – Wijzig salts als wp-config.php één niveau boven de document root wordt verplaatst
  • Rechten voor wp-config.php goed instellen na wijziging van de salts overeenkomstig aanbevelingen in de Codex.


  • #8 – Regeleindes veranderen in LF


  • Beveiliging verbeterd


  • Improvements:
    ** Ensure the user is administrator before processing AJAX requets
    ** Escape attributes using esc_attr_e


  • Compatibiliteit met WordPress 4.8.


  • Compatibiliteit met WordPress 4.7.


  • Arabische vertaling bewerkt.


  • Enkele verbeteringen
  • Klaar voor meertaligheid


  • Initiële versie