salt
Filters the WordPress salt, allowing modification of authentication keys and nonces for various security schemes.
// Priority 10; 2 is the number of arguments passed to $callback ( $cached_salt, $scheme ).
add_filter( 'salt', $callback, 10, 2 );
Description
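Filters the WordPress salt for a given authentication scheme before it's used. Developers can modify the salt string to enhance security or integrate custom authentication mechanisms. This hook is called internally by WordPress when generating salts for various security purposes. The filter runs every time the salt is requested, including when the value is served from the cache, so a callback should return the same secret value for the same scheme on every call; changing the returned value invalidates cookies and nonces that were created with the previous one.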
Usage
// 'your_function_name' is a placeholder for your callback. It receives
// ( $cached_salt, $scheme ) and must return the salt string to use.
add_filter( 'salt', 'your_function_name', 10, 2 );
Parameters
-
$cached_salt(string) - Cached salt for the given scheme.
-
$scheme(string) - Authentication scheme. Values include 'auth', 'secure_auth', 'logged_in', and 'nonce'.
Return Value
The filtered salt (string) that WordPress will use for the given scheme.
Examples
// Example: put the site's host name in front of the 'logged_in' salt.
// Generally not recommended. The host name is public, so it adds no secrecy,
// and any change to the returned value (for example when home_url() changes)
// means cookies issued under the previous value stop validating.
// Shown only to demonstrate how the filter can alter the salt.
add_filter( 'salt', function( $cached_salt, $scheme ) {
    // Every scheme other than 'logged_in' keeps its original salt.
    if ( 'logged_in' !== $scheme ) {
        return $cached_salt;
    }

    // Host part of the site's home URL, used as a prefix.
    $host_prefix = parse_url( home_url(), PHP_URL_HOST );

    // Prefix first, then the existing salt.
    return $host_prefix . $cached_salt;
}, 10, 2 );
Placement
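This code should be placed in the functions.php file of your active theme, in a custom plugin, or added using a code snippets plugin. Because the salt changes from the moment the filter is registered, and changes back when it is removed, keep the callback in a location that stays loaded (a plugin rather than a theme that may be switched).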
Source Code
src/includes/simple_timer_performance.php:405
src/includes/simple_timer_performance.php:460
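/**
 * Returns the secret string (key followed by salt) for an authentication scheme.
 *
 * For the schemes 'auth', 'secure_auth', 'logged_in' and 'nonce', each half is taken
 * from the first source that yields a usable value: the `{SCHEME}_KEY` / `{SCHEME}_SALT`
 * constant, the legacy SECRET_KEY constant (SECRET_SALT for 'auth' only), the
 * `{scheme}_key` / `{scheme}_salt` site option, or a newly generated 64-character
 * value that is then saved as that site option. For any other scheme the key comes
 * from SECRET_KEY, the 'secret_key' site option, or a generated value, and the salt
 * is an HMAC-MD5 of the scheme name keyed with it.
 *
 * A constant is ignored when it is empty, still holds the placeholder
 * 'put your unique phrase here', or shares its value with another key/salt constant.
 *
 * The unfiltered result is cached per scheme in a static variable; the 'salt' filter
 * is applied on every call, whether or not the value came from the cache.
 *
 * @param string $scheme Authentication scheme. Defaults to 'auth'.
 * @return string Filtered key-plus-salt string for the scheme.
 */
private function wp_salt( $scheme = 'auth' ) {
    static $cached_salts = array();
    if ( isset( $cached_salts[ $scheme ] ) ) {
        /**
         * Filters the WordPress salt.
         *
         * @since 2.5.0
         *
         * @param string $cached_salt Cached salt for the given scheme.
         * @param string $scheme      Authentication scheme. Values include 'auth',
         *                            'secure_auth', 'logged_in', and 'nonce'.
         */
        return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
    }

    // Map of constant value => "must not be used". The shipped placeholder is
    // rejected from the start; any value seen a second time is marked as duplicated.
    static $duplicated_keys;
    if ( null === $duplicated_keys ) {
        $duplicated_keys = array( 'put your unique phrase here' => true );
        foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
            foreach ( array( 'KEY', 'SALT' ) as $second ) {
                if ( ! defined( "{$first}_{$second}" ) ) {
                    continue;
                }
                $value = constant( "{$first}_{$second}" );
                // false on first sight, true once the same value appears again.
                $duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] );
            }
        }
    }

    $values = array(
        'key'  => '',
        'salt' => '',
    );

    // Legacy constants act as a starting point; scheme-specific constants override them below.
    if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) {
        $values['key'] = SECRET_KEY;
    }
    // Strict comparison so a non-string scheme is never treated as 'auth'.
    if ( 'auth' === $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) {
        $values['salt'] = SECRET_SALT;
    }

    // Strict membership test: only the four exact scheme strings take this branch.
    if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ), true ) ) {
        foreach ( array( 'key', 'salt' ) as $type ) {
            $const = strtoupper( "{$scheme}_{$type}" );
            if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) {
                $values[ $type ] = constant( $const );
            } elseif ( ! $values[ $type ] ) {
                $values[ $type ] = get_site_option( "{$scheme}_{$type}" );
                if ( ! $values[ $type ] ) {
                    // No usable constant and nothing stored: generate a value and persist it
                    // so it stays the same on later requests.
                    // NOTE(review): this stores the secret as a site option; defining the
                    // constant instead keeps it out of the options storage.
                    $values[ $type ] = wp_generate_password( 64, true, true );
                    update_site_option( "{$scheme}_{$type}", $values[ $type ] );
                }
            }
        }
    } else {
        if ( ! $values['key'] ) {
            $values['key'] = get_site_option( 'secret_key' );
            if ( ! $values['key'] ) {
                $values['key'] = wp_generate_password( 64, true, true );
                update_site_option( 'secret_key', $values['key'] );
            }
        }
        // Per-scheme salt derived from the shared key. Changing the hash algorithm
        // here would change the derived salt for every custom scheme, so it is left as-is.
        $values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] );
    }

    // Cache the unfiltered value; the filter is applied on each return instead.
    $cached_salts[ $scheme ] = $values['key'] . $values['salt'];

    /** This filter is documented in wp-includes/pluggable.php */
    return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
}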