If you’ve ever viewed the core configuration file (wp-config.php) for a WordPress site then you’ll probably have noticed a section defining eight WordPress constants relating to security keys and salts: AUTH_KEY
SECURE_AUTH_KEY
LOGGED_IN_KEY
NONCE_KEY
AUTH_SALT
SECURE_AUTH_SALT
LOGGED_IN_SALT
NONCE_SALT
Note: wp-config.php is located in the root folder of your WordPress installation by default.
These constants contain security keys and salts which are used internally by WordPress to add an additional layer of authentication and to enhance security.
WordPress uses cookies (rather than PHP sessions) to keep track of who is currently logged in. This information is stored in cookies in your browser.
To make sure that authentication details are as secure as possible, unique keys and salts are used to increase the level of cookie encryption. These are recommended to be long strings (typically 64 characters long) of random alphanumeric and symbol characters.
The AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY security key constants were added in WordPress 2.6, which replaced a single all-in-one key first introduced in WordPress 2.5.
NONCE_KEY was added soon after, in WordPress 2.7. Corresponding
Source: https://managewp.org/articles/16946/how-to-auto-update-wordpress-salts
from
https://williechiu40.wordpress.com/2018/01/16/how-to-auto-update-wordpress-salts/