Salt Shaker


By using Salt Shaker plugin, you’ll be able to harden your WordPress security. It helps you changing the salt keys either manually or automatically.

Why Use SALT Keys in WordPress?

When you log in to WordPress, you have the option to remain logged in long-term. To achieve this, WordPress stores your login data in cookies instead of in a PHP session. Malicious individuals can hijack your cookies through various means, leaving your website vulnerable.

To make it harder for attackers to use cookie data, you can take advantage of SALT keys. WordPress SALT keys encrypt your password, making it harder to guess. What’s more, it’s next to impossible for hackers to simply ‘unscramble’ the result in order to get at the original password.

Read more on WPEngine Blog

What people says about Salt Shaker

Elgenat Themes

Like Salt Shaker? Consider leaving a 5 star review.

Salt Shaker Features

  • Improve your WordPress security.
  • Easy to use, set it and forget it, with minimal settings.
  • Manual and immediate WP security keys and salts changing.
  • Set automated schedule for keys and salts change.


Feel free to fork the project on GitHub and submit your contributions via pull request.


  • Plugin Settings.


  1. Upload salt-shaker folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Navigate to Tools > Salt Shaker menu to configure the plugin.

Vanliga frågor

The plugin isn’t working or have a bug?

Post detailed information about the issue in the support forum and we will work to fix it.

Custom wp-config.php location?

You can use this filter to define the file location salt_shaker_salts_file. Example:
In this example, the new location of the config file is in a folder that’s outside WordPress location in a folder called wpsecret. Make sure to replace it with your secret location 😉
function salt_shaker_new_file($salts_file_name) {
$salts_file_name = ’../wpsecret/wp-config’;
return $salts_file_name;

add_filter(’salt_shaker_salts_file’, ’salt_shaker_new_file’);


18 juni 2020
This is one of the best plugins I use on my sites. It is simple to use, does exactly what it is supposed to, and best of all boosts the security of my sites. The only thing that confuses me about it is, why don't way more sites use it??!!?
18 maj 2020
If WordPress salts worries you, you can rest know. If you think that installing it is easy, "configuration" is easier. Please keep the plugin up-to-date.
Läs alla 20 betyg

Bidragsgivare och utvecklare

”Salt Shaker” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg.

Bidragande personer

”Salt Shaker” har översatts till 5 språk. Tack till översättarna för deras bidrag.

Översätt ”Salt Shaker” till ditt språk.

Intresserad av programutveckling?

Läs programkoden, kika på SVN-filförvaret eller prenumerera på utvecklarloggen via RSS.


=1.2.9 =
* WordPress 5.8 compatibility.

=1.2.8 =
* WordPress 5.7 compatibility.

=1.2.7 =
* WordPress 5.5 compatibility.


  • WordPress 5.4 compatibility.
  • Replacing some functions with standard WP functions.


  • Enhanced internationalization.
  • WordPress 5.3 compatibility.


  • Keeping the original permissions of the config file.
  • Performance improvement


  • Changing the config permission to 0640
  • Added: filters for additional salts


  • Tested with WordPress 5.1.
  • Added: link to the settings page from the plugins page.
  • Added: redirect to the login page after the immediate change action.
  • Added: check if wp-config.php is writable. How the heck this was missing?!
  • Added: Filter to define a custom salts file. salt_shaker_salts_file


  • Tested with the upcoming WordPress 5.0
  • #11 – Added more interval times, quarterly and bianually.
  • Fixed an issue with wp-config being in outside the root directory.
  • Fixed a bug when updating the cron, now the old cron job is deleted.


  • Tested with the upcoming WordPress 4.9
  • #9 – Change salts if wp-config.php is moved one directory higher than the document root
  • Setting the right permission to wp-config.php after changing the salts according to Codex recommendations.


  • #8 – Change line endings to LF


  • Security improvements


  • Improvements:
    ** Ensure the user is administrator before processing AJAX requets
    ** Escape attributes using esc_attr_e


  • WordPress 4.8 Compatibility.


  • WordPress 4.7 Compatibility.


  • Edited Arabic translation file.


  • Few enhancements
  • Multilingual Ready


  • Initial Release