There's no security problem here. If you refresh the page, you're given a new set of keys/salts. This is an API for random key/salt generation for use in WordPress installs.
This should be renamed: WordPress.org secret-key service
As it says in the default wp-config.php of a WordPress installation:
/*
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
This page is meant to generate the code to be pasted into a new wp-config.php
4 comments
[ 3.4 ms ] story [ 22.0 ms ] threadAs it says in the default wp-config.php of a WordPress installation:
This page is meant to generate the code to be pasted into a new wp-config.php