

Api.wordpress.org Secret key URL - zengr
https://api.wordpress.org/secret-key/1.1/salt/

======
akirk
This should be renamed: WordPress.org secret-key service

As it says in the default wp-config.php of a WordPress installation:

    
    
        /*
        * Authentication Unique Keys and Salts.
        *
        * Change these to different unique phrases!
        * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
        * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
        *
        * @since 2.6.0
        */
        define('AUTH_KEY',         'put your unique phrase here');
        define('SECURE_AUTH_KEY',  'put your unique phrase here');
        define('LOGGED_IN_KEY',    'put your unique phrase here');
        define('NONCE_KEY',        'put your unique phrase here');
        define('AUTH_SALT',        'put your unique phrase here');
        define('SECURE_AUTH_SALT', 'put your unique phrase here');
        define('LOGGED_IN_SALT',   'put your unique phrase here');
        define('NONCE_SALT',       'put your unique phrase here');
    

This page is meant to generate the code to be pasted into a new wp-config.php

------
fabulist
Please correct me if I'm wrong, but this doesn't seem like responsible
disclosure.

~~~
reedloden
There's no security problem here. If you refresh the page, you're given a new
set of keys/salts. This is an API for random key/salt generation for use in
WordPress installs.

~~~
fabulist
Thats embarrassing, shows what I know about Word Press. Thank you for
clarifying.

