Basic, Free
On-demand key rotation for 1 site. Regenerate your salts and kill every session whenever you suspect a compromise.
Security Keys Rotation regenerates the WordPress secret keys and salts in wp-config.php, on demand or on a schedule, which invalidates every existing login cookie and instantly logs out any attacker holding a stolen session, across all your connected sites.
Security Keys Rotation is a WP Tailwatch feature that regenerates the WordPress secret keys and salts in wp-config.php, on demand or on a schedule, across all your connected sites. Because those keys secure your authentication cookies, rotating them invalidates every active session and instantly logs out anyone holding a stolen login, forcing every user to re-authenticate.
If an attacker steals a logged-in session cookie, a password change alone won't kick them out. Rotating your secret keys does, it invalidates every cookie at once and forces everyone to sign back in.
Trigger a rotation by hand or on a schedule, and WP Tailwatch rewrites your keys and ends every session for you. No wp-config.php editing, no waiting on support.
Rotate keys with one tap after a suspected compromise, or set a recurring schedule so your salts refresh automatically, no hand-editing wp-config.php required.
WP Tailwatch regenerates the AUTH_KEY, SALT, and related constants in wp-config.php, so the values that secured your old authentication cookies no longer exist.
All existing login cookies become invalid at once. Legitimate users simply sign back in, and any attacker holding a stolen session is locked out instantly.
WordPress secret keys and salts are the constants that protect the authentication cookies keeping your users logged in. They're defined in wp-config.php, and their whole job is to make session cookies hard to forge or reuse. Source: WordPress.org documentation, Security Keys. Because those keys sign every login cookie, regenerating them forces every active session to re-authenticate, which is exactly what you want when a session may be in the wrong hands.
That makes key rotation one of the fastest ways to evict an attacker. A stolen session cookie survives a password reset, but it cannot survive a key rotation. Do it on demand after an incident or on a schedule to limit exposure. That is the WP Tailwatch difference: rotation built in, instead of one more plugin to bolt on.
Start rotating keys for free, upgrade for scheduling, alerts, and scale.
On-demand key rotation for 1 site. Regenerate your salts and kill every session whenever you suspect a compromise.
Scheduled key rotation with completion push alerts for 1-20 sites. Refresh salts automatically and limit exposure.
Rotate keys across 21-1,000 sites on schedule with tiered volume pricing and one dashboard for everything.
Security Keys Rotation pairs with the rest of WP Tailwatch to replace 50+ separate plugins.
Straight answers on how key rotation invalidates sessions, logs out attackers, and works across all your sites.
Security Keys Rotation regenerates the WordPress secret keys and salts, the AUTH_KEY and SALT constants in wp-config.php, on demand or on a schedule. Because those keys secure your authentication cookies, rotating them invalidates every existing login session and forces all users to sign in again, across all your connected sites.
WordPress secret keys and salts protect the authentication cookies that keep users logged in. When you regenerate them, every existing cookie becomes invalid, so an attacker who stole a logged-in session is instantly signed out and has to re-authenticate, which they can't do without valid credentials.
The security keys and salts are defined as constants in your wp-config.php file. Security Keys Rotation updates those constants for you, so you don't have to hand-edit wp-config.php or paste new values from the WordPress secret-key generator yourself.
No. Rotating keys doesn't change your data or settings, it only invalidates active login sessions. The only visible effect is that you and your users are logged out and need to sign in again, which is exactly the point when you're trying to kill a compromised session.
Yes. WP Tailwatch is multi-site by design, so you can rotate keys on demand or set a recurring schedule and apply it across every connected WordPress site from a single dashboard and the mobile app, instead of editing each wp-config.php by hand.
Rotate keys immediately after any suspected compromise, password change, or staff offboarding to kill any sessions an attacker may hold. Rotating on a recurring schedule also limits how long any stolen session could remain valid, even if you never detect the theft.
Yes. On-demand key rotation is available on the free Basic plan for one site. Paid Business and Agency plans add scheduled rotation, rotation confirmation alerts, and rotating keys across many sites from one place.
Yes. Security Keys Rotation is one of the tools that lets WP Tailwatch replace 50+ separate plugins. Instead of installing a standalone salt-rotation plugin on every site, key rotation is built into the same platform that handles your security, backups, and monitoring.
Regenerate your salts on demand or on schedule, invalidate every stolen session, and apply it across every site from one dashboard. Start free today.