Billy Fisher

Get WordPress Salts

Posted on November 15, 2020 | November 22, 2020 by Billy

So for the salts, I started simple, with the underlying assumption that each deployment could be pre-salted by the source bundle, reducing operational overhead.

But upon reading a bit further, I saw that rotating the salts regularly is a good opportunity to invalidate sessions and ensure that logins have to happen regularly, so I figured I could try re-salting every time configuration changes or deployments are made via Elastic Beanstalk (e.g. through the console).

So we’ll want to generate the salts and build a dictionary that we can return when the time comes to incorporate them into the Elastic Beanstalk configuration. The WordPress salt API lets us do that:

import urllib.request
import re

def get_wordpress_salts():
    """Fetch a fresh set of keys and salts from the WordPress API as a dict."""
    # The API answers with eight lines of the form: define('NAME', 'VALUE');
    # A timeout keeps a stalled request from hanging the deployment.
    with urllib.request.urlopen('https://api.wordpress.org/secret-key/1.1/salt/', timeout=10) as s:
        salts_from_api = s.read().decode('utf-8')

    # Pull each value out by its constant name. If a name is absent,
    # re.search() returns None and .group(1) raises AttributeError.
    salts = {'AUTH_KEY': re.search("'AUTH_KEY', .*'(.*)'", salts_from_api).group(1),
             'SECURE_AUTH_KEY': re.search("'SECURE_AUTH_KEY', .*'(.*)'", salts_from_api).group(1),
             'LOGGED_IN_KEY': re.search("'LOGGED_IN_KEY', .*'(.*)'", salts_from_api).group(1),
             'NONCE_KEY': re.search("'NONCE_KEY', .*'(.*)'", salts_from_api).group(1),
             'AUTH_SALT': re.search("'AUTH_SALT', .*'(.*)'", salts_from_api).group(1),
             'SECURE_AUTH_SALT': re.search("'SECURE_AUTH_SALT', .*'(.*)'", salts_from_api).group(1),
             'LOGGED_IN_SALT': re.search("'LOGGED_IN_SALT', .*'(.*)'", salts_from_api).group(1),
             'NONCE_SALT': re.search("'NONCE_SALT', .*'(.*)'", salts_from_api).group(1)}

    return salts
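
An added example, not code from the original post: a stricter parser for the same response body that validates the whole set before anything is handed to the Elastic Beanstalk configuration, rejecting truncated, duplicated or malformed responses. The names `parse_salts`, `SaltResponseError` and `constructed_sample`, the 64-character length check, the assumption that values contain no single quote or backslash, and the sample values are all assumptions made for this example.

```python
import re

# The eight constants from the dictionary in the post.
EXPECTED = ('AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY',
            'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT')
SALT_LEN = 64  # assumption: every value the API returns is 64 characters long

# One define('NAME', 'VALUE'); statement per line.
# Assumption: values never contain a single quote or a backslash.
DEFINE_RE = re.compile(r"^define\('([A-Z_]+)',\s*'([^'\\]+)'\);\s*$", re.MULTILINE)


class SaltResponseError(ValueError):
    """The response is not a complete, well-formed set of keys and salts."""


def parse_salts(body):
    """Return {name: value} for all eight constants, or raise SaltResponseError."""
    found = {}
    for name, value in DEFINE_RE.findall(body):
        if name in found:
            raise SaltResponseError(f'duplicate definition of {name}')
        found[name] = value
    missing = [n for n in EXPECTED if n not in found]
    extra = [n for n in found if n not in EXPECTED]
    if missing or extra:
        raise SaltResponseError(f'missing={missing} unexpected={extra}')
    bad_len = [n for n, v in found.items() if len(v) != SALT_LEN]
    if bad_len:
        raise SaltResponseError(f'wrong length: {bad_len}')
    # Identical values across constants would point at a broken or replayed response.
    if len(set(found.values())) != len(EXPECTED):
        raise SaltResponseError('values are not distinct')
    return found


def constructed_sample():
    """Build a CONSTRUCTED response in the define() layout (not real secrets)."""
    lines = []
    for i, name in enumerate(EXPECTED):
        value = (name + '-constructed-').ljust(SALT_LEN, str(i))
        lines.append(f"define('{name}', '{value}');\n")
    return ''.join(lines)


if __name__ == '__main__':
    print(sorted(parse_salts(constructed_sample())))
```

Calling `parse_salts(salts_from_api)` in place of the eight `re.search` calls fails closed: rotation is skipped with a clear error instead of proceeding on a bad response.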

References

WordPress Salts

Updating your WordPress security keys on a regular basis is a great way to harden your WordPress site. While the keys are extremely difficult to break, changing them every so often adds another layer of complexity.

The four keys are required for the enhanced security. The four salts are recommended, but are not required, because WordPress will generate salts for you if none are provided. They are included in wp-config.php by default for

Python 3 urllib.request Examples

https://docs.python.org/3.8/library/urllib.request.html#examples
