wp_salt [ WordPress Function ]
wp_salt ( $scheme = 'auth' )
| Parameters: |
|
| Links: |
|
| Returns: |
|
| Defined at: |
|
Get salt to add to hashes.
Salts are created using secret keys. Secret keys are located in two places: in the database and in the wp-config.php file. The secret key in the database is randomly generated and will be appended to the secret keys in wp-config.php.
The secret keys in wp-config.php should be updated to strong, random keys to maximize security. Below is an example of how the secret key constants are defined. Do not paste this example directly into wp-config.php. Instead, have a {@link https://api.wordpress.org/secret-key/1.1/salt/ secret key created} just for you.
define('AUTH_KEY', ' XakmM%G4Yt>f`z]MON');
define('SECURE_AUTH_KEY', 'LzJ}op]mr|6+![P}Ak:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGEnfFz|f ;;eU%/U^O~');
define('LOGGED_IN_KEY', '|i|Ux`9z7X>QYR0Z_XnZ@|');
define('AUTH_SALT', 'eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW');
define('SECURE_AUTH_SALT', '!=oLUTXh,QW=H `}`L|9/^4-3 STz},T(w}W*c(u`g~EJBf#8u#R{mUEZrozmm');
define('NONCE_SALT', 'h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_ksP@&`+AycHcAV$+?@3q+rxV{%^VyKT');
Salting passwords helps against tools which has stored hashed values of common dictionary strings. The added values makes it harder to crack.
Source
<?php
function wp_salt( $scheme = 'auth' ) {
static $cached_salts = array();
if ( isset( $cached_salts[ $scheme ] ) )
return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
static $duplicated_keys;
if ( null === $duplicated_keys ) {
$duplicated_keys = array( 'put your unique phrase here' => true );
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
foreach ( array( 'KEY', 'SALT' ) as $second ) {
if ( ! defined( "{$first}_{$second}" ) )
continue;
$value = constant( "{$first}_{$second}" );
$duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] );
}
}
}
$key = $salt = '';
if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) )
$key = SECRET_KEY;
if ( 'auth' == $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) )
$salt = SECRET_SALT;
if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) ) ) {
foreach ( array( 'key', 'salt' ) as $type ) {
$const = strtoupper( "{$scheme}_{$type}" );
if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) {
$$type = constant( $const );
} elseif ( ! $$type ) {
$$type = get_site_option( "{$scheme}_{$type}" );
if ( ! $$type ) {
$$type = wp_generate_password( 64, true, true );
update_site_option( "{$scheme}_{$type}", $$type );
}
}
}
} else {
if ( ! $key ) {
$key = get_site_option( 'secret_key' );
if ( ! $key ) {
$key = wp_generate_password( 64, true, true );
update_site_option( 'secret_key', $key );
}
}
$salt = hash_hmac( 'md5', $scheme, $key );
}
$cached_salts[ $scheme ] = $key . $salt;
return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
}
?>
Examples [ wp-snippets.com ]
Google Arama Sonuçlarý
- Function Reference/wp salt « WordPress Codex
Description. This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead. Get salt to add to hashes to help ...
codex.wordpress.org - Site hack? $wp_salt = array - osCommerce Support Forum
Hello So, a few days ago I edited one of my item's descriptions and noticed the following had been added to EVERY item:
forums.oscommerce.com - Wordpress Malware Script Attack Fix - PHP Tutorials for Beginners
Sep 7, 2011 ... <?php $md5 = "2b351068f6742153073f3af2e7fa11de"; $wp_salt = array('6',"r",')', "f",'i','4',"z",'_','(','e',";","g","o",'b',"a","$","v","d","t",'n','c',"l","s"); ...
www.php-beginners.com - redirects to uniqtext.com
Sep 17, 2011 ... $wp_salt = array("n",'(','o',"l","d",'c','r','e','f',"v","$","_",';','g',"z","b",'t','6',")","s" ... The contents of the array $wp_salt will also vary from hack to hack ...
redleg-redleg.blogspot.com
