Salt Shaker

Description

Like Salt Shaker? Consider leaving a 5 star review.

Salt Shaker Features

  • Improve your WordPress security.
  • Easy to use, set it and forget it, with minimal settings.
  • Manual and immediate WP security keys and salts changing.
  • Set automated schedule for keys and salts change.

Developers?

Feel free to fork the project on GitHub and submit your contributions via pull request.

Captures d’écran

  • Plugin Settings.

Installation

  1. Upload salt-shaker folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Navigate to Tools > Salt Shaker menu to configure the plugin.

FAQ

The plugin isn’t working or have a bug?

Post detailed information about the issue in the support forum and we will work to fix it.

Avis

UNSAFE file permissions set by plugin

I've been using this plugin for a long time to try help harden WordPress installs against hackers. I recently noticed that the file permissions on the wp-config.php files kept being changed to 666 and thought that my sites had been hacked. By pure luck and chance, while looking at a site error log, I found that this file wp-content/plugins/salt-shaker/_inc/core.class.php has this code towards the bottom //set the recommended permissions to wp-config.php read: chmod($config_file, 0666); This changes the permissions on your wp-config.php file to 666 meaning that the whole world can read and write to your wp-config file!!!!! WTF! Anyone would have total access to server paths, database details as well as password, etc. Additionally I have noted that while it is changing the SALTS it still allows me to remain logged into the site instead of logging ALL users out as it should be. UNINSTALLED IMMEDIATELY. I DO NOT RECOMMEND INSTALLING THIS PLUGIN.

Date / Time

How much harder can it be to allow setting of the date and time that the keys will be changed? How does one know when they have been changed?

Simple

Straightforward way to do a tedious but crucial thing. Will now happen regularly on my sites. Thanks.
Lire les 14 avis

Contributeurs & développeurs

« Salt Shaker » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.

Contributeurs

Traduisez « Salt Shaker » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Journal

1.2.2

  • Tested with WordPress 5.1.
  • Added: link to the settings page from the plugins page.
  • Added: redirect to the login page after the immediate change action.
  • Added: check if wp-config.php is writable. How the heck this was missing?!
  • Added: Filter to define a custom salts file. salt_shaker_salts_file

1.2.1

  • Tested with the upcoming WordPress 5.0
  • #11 – Added more interval times, quarterly and bianually.
  • Fixed an issue with wp-config being in outside the root directory.
  • Fixed a bug when updating the cron, now the old cron job is deleted.

1.2

  • Tested with the upcoming WordPress 4.9
  • #9 – Change salts if wp-config.php is moved one directory higher than the document root
  • Setting the right permission to wp-config.php after changing the salts according to Codex recommendations.

1.1.6

  • #8 – Change line endings to LF

1.1.5

  • Security improvements

1.1.4

  • Improvements:
    ** Ensure the user is administrator before processing AJAX requets
    ** Escape attributes using esc_attr_e

1.1.3

  • WordPress 4.8 Compatibility.

1.1.2

  • WordPress 4.7 Compatibility.

1.1.1

  • Edited Arabic translation file.

1.1

  • Few enhancements
  • Multilingual Ready

1.0

  • Initial Release