How to configure WordPress Auth Cookie Expiration

A 2021 IBM study found that 95% of cyber security breaches result from human error, meaning that eliminating mistakes makes your website more secure. Configuring WordPress Auth Cookie Expiration on your site eliminates the most basic of human errors: forgetting to sign out of a user account with immense privileges.

Human errors are often basic and look stupid in retrospect, but they can be very costly. Websites can significantly reduce their exposure to cybersecurity threats by automatically signing out logged-in users after a set period of inactivity.

But how do you implement a WordPress auth cookie to log users out automatically?

Configuring WordPress Auth Cookie Expiration

Every website provider and CMS acknowledges the risks of logged-in users with critical member permissions. The industry developed various ways to log users out automatically after continued inactivity.

First used in the financial services industry, user authentication cookies are now widely available. Given the extensive use of WordPress, any site owner can now use WordPress authentication cookies to have inactive logins expire according to set rules.

WordPress users can achieve this in two ways:

  • Using a specialized plugin, or
  • Adding a code snippet to your WP theme.

While effective, the plugin route is the less preferred one, as too many plugins make websites slow. They also introduce an added security threat if not maintained regularly.

Adding a simple code snippet to your website is the best way to set up WP auth cookie expiration for logins.

To automatically sign out logged-in users through WordPress auth cookie expiration, add the following auth_cookie_expiration filter to your theme’s functions.php file.

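/* Limit logins to 1 hour */
// Priority 9999 runs this callback after others; 1 is the number of arguments it accepts.
add_filter( 'auth_cookie_expiration', 'keep_me_logged_in_for_1_hour', 9999, 1 );
function keep_me_logged_in_for_1_hour( $expirein ) {
    return 60 * 60; // Cookie lifetime in seconds (1 hour).
}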

Why use WP Auth Cookie Expiration

The majority of WordPress cookies expire when a browsing session ends. Out of laziness, however, some users set their browsers to “remember me” while logging in, leaving your website prone to unnecessary security threats.

This code rectifies that by signing out all logged-in users after a set period of inactivity, via the WordPress REST API cookie authentication settings selected by the admin.
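The auth_cookie_expiration filter also receives the user ID and the “Remember Me” flag, so the limit can be made stricter for privileged accounts. The snippet below is an added example, not code from the original post; the function name, the choice of the manage_options capability and the one-day cap are assumptions, and it is meant to be placed in the theme's functions.php.

```php
/**
 * Added example: role-aware auth cookie lifetime.
 *
 * WordPress passes three arguments to the auth_cookie_expiration filter:
 *   $length   - default lifetime in seconds (2 days, or 14 days with "Remember Me")
 *   $user_id  - ID of the user who is logging in
 *   $remember - true when "Remember Me" was ticked on the login form
 *
 * The function name and the thresholds are illustrative assumptions.
 */
function example_role_aware_cookie_lifetime( $length, $user_id, $remember ) {
    // Accounts that can change site settings get a hard 1-hour limit,
    // even when "Remember Me" was ticked.
    if ( user_can( $user_id, 'manage_options' ) ) {
        return HOUR_IN_SECONDS;
    }

    // Other users: a remembered login never lasts longer than one day.
    if ( $remember ) {
        return min( $length, DAY_IN_SECONDS );
    }

    // Logins without "Remember Me" keep the WordPress default.
    return $length;
}

// Priority 9999 runs this after other callbacks; 3 tells WordPress to pass
// all three arguments instead of only the lifetime.
add_filter( 'auth_cookie_expiration', 'example_role_aware_cookie_lifetime', 9999, 3 );
```

The value returned by the filter is added to the login time when the cookie is issued, so it acts as a fixed lifetime from sign-in. Cookies issued before the filter was added keep their original expiry until those users log in again.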
