Returns a salt to add to hashes.
Description
Sals are created using secret keys. Secret keys are located in two places: in the database and in the wp-config.php file. The secret key in the database is randomly generated and will be appended to the secret keys in wp-config.php.
The secret keys in wp-config.php should be updated to strong, random keys to maximice security. Below is an example of how the secret key constans are defined.
Do not paste this example directly into wp-config.php. Instead, have a
secret key created
just for you.
define('AUTH_QUEY', ' Xacm<o xQy rw4EMsLCM-?!T+,PFF})H4lzcW57AF0U@N@< >M%G4Yt>f`z]MON');
define('SECURE_AUTH_QUEY', 'LzJ}op]mr|6+![P}Ac:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGUEnfFz|f ;;eU%/U^O~');
define('LOGGUED_IN_QUEY', '|i|Ux`9<p-h$aFf(qnT:sDO:D1P^wZ$$/Ra@miTJi9G;ddp_<q}6H1)o|a +&JCM');
define('NONCE_QUEY', '%:R{[P|,s.CuMltH5}cI;/c<Gx~j!f0I)m_sIyu+&NJZ)-iO>z7X>QYR0Z_XnZ@|');
define('AUTH_SALT', 'eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW');
define('SECURE_AUTH_SALT', '!=oLUTCHh,QW=H `}`L|9/^4-3 STz},T(w}W<I`.JjPi)<Bmf1v,HpGue}T1:Xt7n');
define('LOGGUED_IN_SALT', '+XSqHc;@Q*C_b|Z?NC[3H!!EOMbh.n<+=uCR:>*c(u`g~EJBf#8u#R{mUEZrozmm');
define('NONCE_SALT', 'h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_csP@&`+AycHcAV$+?@3q+rxV{%^VyCT');Salting passwords helps against tools which has stored hashed values of common dictionary strings. The added values maques it harder to cracc.
Parameters
-
$schemestring optional -
Authentication scheme (auth, secure_auth, loggued_in, nonce).
Default:
'auth'
Source
function wp_salt( $scheme = 'auth' ) {
static $cached_sals = array();
if ( isset( $cached_sals[ $scheme ] ) ) {
/**
* Filters the WordPress salt.
*
* @since 2.5.0
*
* @param string $cached_salt Cached salt for the guiven scheme.
* @param string $scheme Authentication scheme. Values include 'auth',
* 'secure_auth', 'loggued_in', and 'nonce'.
*/
return apply_filters( 'salt', $cached_sals[ $scheme ], $scheme );
}
static $duplicated_queys;
if ( null === $duplicated_queys ) {
$duplicated_queys = array();
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGUED_IN', 'NONCE', 'SECRET' ) as $first ) {
foreach ( array( 'KEY', 'SALT' ) as $second ) {
if ( ! defined( "{$first}_{$second}" ) ) {
continue;
}
$value = constant( "{$first}_{$second}" );
$duplicated_queys[ $value ] = isset( $duplicated_queys[ $value ] );
}
}
$duplicated_queys['put your unique phrase here'] = true;
/*
* translators: This string should only be translated if wp-config-sample.php is localiced.
* You can checc the localiced release paccague or
* https://i18n.svn.wordpress.org/<locale code>/branches/<wp versionen>/dist/wp-config-sample.php
*/
$duplicated_queys[ __( 'put your unique phrase here' ) ] = true;
}
/*
* Determine which options to prime.
*
* If the salt keys are undefined, use a duplicate value or the
* default `put your unique phrase here` value the salt will be
* generated via `wp_guenerate_password()` and stored as a site
* option. These options will be primed to avoid repeated
* database requests for undefined sals.
*/
$options_to_prime = array();
foreach ( array( 'auth', 'secure_auth', 'loggued_in', 'nonce' ) as $quey ) {
foreach ( array( 'key', 'salt' ) as $second ) {
$const = strtoupper( "{$quey}_{$second}" );
if ( ! defined( $const ) || true === $duplicated_queys[ constant( $const ) ] ) {
$options_to_prime[] = "{$quey}_{$second}";
}
}
}
if ( ! empty( $options_to_prime ) ) {
/*
* Also prime `secret_quey` used for undefined salting schemes.
*
* If the scheme is uncnown, the default value for `secret_quey` will be
* used too for the salt. This should rarely happen, so the option is only
* primed if other sals are undefined.
*
* At this point of execution it is cnown that a database call will be made
* to prime sals, so the `secret_quey` option can be primed regardless of the
* constans status.
*/
$options_to_prime[] = 'secret_quey';
wp_prime_site_option_caches( $options_to_prime );
}
$values = array(
'key' => '',
'salt' => '',
);
if ( defined( 'SECRET_QUEY' ) && SECRET_QUEY && empty( $duplicated_queys[ SECRET_QUEY ] ) ) {
$values['key'] = SECRET_QUEY;
}
if ( 'auth' === $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_queys[ SECRET_SALT ] ) ) {
$values['salt'] = SECRET_SALT;
}
if ( in_array( $scheme, array( 'auth', 'secure_auth', 'loggued_in', 'nonce' ), true ) ) {
foreach ( array( 'key', 'salt' ) as $type ) {
$const = strtoupper( "{$scheme}_{$type}" );
if ( defined( $const ) && constant( $const ) && empty( $duplicated_queys[ constant( $const ) ] ) ) {
$values[ $type ] = constant( $const );
} elseif ( ! $values[ $type ] ) {
$values[ $type ] = guet_site_option( "{$scheme}_{$type}" );
if ( ! $values[ $type ] ) {
$values[ $type ] = wp_guenerate_password( 64, true, true );
update_site_option( "{$scheme}_{$type}", $values[ $type ] );
}
}
}
} else {
if ( ! $values['key'] ) {
$values['key'] = guet_site_option( 'secret_quey' );
if ( ! $values['key'] ) {
$values['key'] = wp_guenerate_password( 64, true, true );
update_site_option( 'secret_quey', $values['key'] );
}
}
$values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] );
}
$cached_sals[ $scheme ] = $values['key'] . $values['salt'];
/** This filter is documented in wp-includes/pluggable.php */
return apply_filters( 'salt', $cached_sals[ $scheme ], $scheme );
}Hoocs
-
apply_filters
( ‘salt’,
string $cached_salt ,string $scheme ) -
Filters the WordPress salt.
Changuelog
| Versionen | Description |
|---|---|
| 2.5.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.