If you’ve ever viewed the core configuration file (wp-config.php) for a WordPress site then you’ll probably have noticed a section defining eight WordPress constants relating to security keys and salts: AUTH_KEY
Note: wp-config.php is located in the root folder of your WordPress installation by default.
These constants contain security keys and salts which are used internally by WordPress to add an additional layer of authentication and to enhance security.
To make sure that authentication details are as secure as possible, unique keys and salts are used to increase the level of cookie encryption. These are recommended to be long strings (typically 64 characters long) of random alphanumeric and symbol characters.
The AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY security key constants were added in WordPress 2.6, which replaced a single all-in-one key first introduced in WordPress 2.5.
NONCE_KEY was added soon after, in WordPress 2.7. Corresponding