Salt Shaker


By using Salt Shaker plugin, you’ll be able to harden your WordPress security. It helps you changing the salt keys either manually or automatically.

Like Salt Shaker? Consider leaving a 5 star review.

Salt Shaker Features

  • Improve your WordPress security.
  • Easy to use, set it and forget it, with minimal settings.
  • Manual and immediate WP security keys and salts changing.
  • Set automated schedule for keys and salts change.


Feel free to fork the project on GitHub and submit your contributions via pull request.

Captures d’écran

  • Plugin Settings.


  1. Upload salt-shaker folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Navigate to Tools > Salt Shaker menu to configure the plugin.


The plugin isn’t working or have a bug?

Post detailed information about the issue in the support forum and we will work to fix it.


UNSAFE file permissions set by plugin

I've been using this plugin for a long time to try help harden WordPress installs against hackers. I recently noticed that the file permissions on the wp-config.php files kept being changed to 666 and thought that my sites had been hacked. By pure luck and chance, while looking at a site error log, I found that this file wp-content/plugins/salt-shaker/_inc/core.class.php has this code towards the bottom //set the recommended permissions to wp-config.php read: chmod($config_file, 0666); This changes the permissions on your wp-config.php file to 666 meaning that the whole world can read and write to your wp-config file!!!!! WTF! Anyone would have total access to server paths, database details as well as password, etc. Additionally I have noted that while it is changing the SALTS it still allows me to remain logged into the site instead of logging ALL users out as it should be. UNINSTALLED IMMEDIATELY. I DO NOT RECOMMEND INSTALLING THIS PLUGIN.

Date / Time

How much harder can it be to allow setting of the date and time that the keys will be changed? How does one know when they have been changed?


Straightforward way to do a tedious but crucial thing. Will now happen regularly on my sites. Thanks.
Lire les 14 avis

Contributeurs & développeurs

« Salt Shaker » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.


“Salt Shaker” a été traduit dans 1 locale. Remerciez l’équipe de traduction pour ses contributions.

Traduisez « Salt Shaker » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.



  • Changing the config permission to 0640
  • Added: filters for additional salts


  • Tested with WordPress 5.1.
  • Added: link to the settings page from the plugins page.
  • Added: redirect to the login page after the immediate change action.
  • Added: check if wp-config.php is writable. How the heck this was missing?!
  • Added: Filter to define a custom salts file. salt_shaker_salts_file


  • Tested with the upcoming WordPress 5.0
  • #11 – Added more interval times, quarterly and bianually.
  • Fixed an issue with wp-config being in outside the root directory.
  • Fixed a bug when updating the cron, now the old cron job is deleted.


  • Tested with the upcoming WordPress 4.9
  • #9 – Change salts if wp-config.php is moved one directory higher than the document root
  • Setting the right permission to wp-config.php after changing the salts according to Codex recommendations.


  • #8 – Change line endings to LF


  • Security improvements


  • Improvements:
    ** Ensure the user is administrator before processing AJAX requets
    ** Escape attributes using esc_attr_e


  • WordPress 4.8 Compatibility.


  • WordPress 4.7 Compatibility.


  • Edited Arabic translation file.


  • Few enhancements
  • Multilingual Ready


  • Initial Release