WordPress uses random strings of characters within passwords, called “Salts”, to make it difficult for attackers to crack passwords and gain access to your WordPress site.
In release 5.1.6 of the AIOS WordPress Security Plugin, we’ve expanded this WordPress feature and added it to the free and Premium versions of AIOS, to provide you, our customers, with even more protections against malicious users.
Tell me more about WordPress Salts
Simply put, storing login passwords in plain text is bad. If someone were to steal your database they’d have access to your users’ passwords. WordPress ‘hashes’ passwords which means it transforms the existing characters into another value, so they can’t be read.
But, hashing on its own isn’t enough.
If two users had the same password, it would create the same hash, meaning if the attacker knew one password, they’d know the other ones too.
That’s where WordPress ‘Salts’ come in.
Salts are unique random strings which are attached to the hashed password. If two users had the same password, they would still have a different hash, thanks to WordPress Salts.
How does AIOS expand the WordPress Salt Feature?
A new feature in AIOS 5.1.6 adds 64 extra characters to the existing salts and changes it weekly.
Short WordPress salts means an attacker could precompute a table of every possible salt appended to every likely password. Adding extra characters makes calculating salt variations pretty tricky. Giving them less than a week to do it makes it virtually impossible.
The AIOS WordPress Salts feature is available now in All-In-One Security 5.1.6, adding to the already extensive suite of login security features.
Frequently Asked Questions
Does this feature change my password?
Your password will continue to work as normal. Salting happens behind the scenes.
How do I use the AIOS WordPress Salts feature?
To enable this extra security, we suggest you first let all users know that they are about to be logged out so that they can save their work.
Then, within your WordPress Dashboard:
- go into the WP Security section,
- then to Miscellaneous.
- Within the Salt tab, check “Enable salt postfix“.
- Press the Save settings button, and you’re done.