Pawan Kumawat

How to configure WordPress Auth Cookie Expiration

A 2021 IBM study found that 95% of cyber security breaches result from human error, meaning that eliminating mistakes makes your website more secure. Configuring WordPress Auth Cookie Expiration on your site eliminates one of the most basic human errors: forgetting to sign out of a user account with immense privileges.

Human errors are often basic and look stupid in retrospect, but they can be very costly. Websites can significantly reduce their exposure to cybersecurity threats by automatically signing out logged-in users after a set period of inactivity.

But how do you implement a WordPress auth cookie to log users out automatically?

Configuring WordPress Auth Cookie Expiration

Every website provider and CMS acknowledges the risks of logged-in users with critical member permissions. The industry developed various ways to log users out automatically after continued inactivity.

First used in the financial services industry, user authentication cookies are now widely available. Given the extensive use of WordPress, any site owner can now use WordPress authentication cookies to have inactive logins expire according to set rules.

WordPress users can achieve this in two ways:

  • Using a specialized plugin, or
  • Adding a code snippet to your WP theme.

While effective, the plugin route is the less preferred of the two, as too many plugins make websites slow. They also introduce an added security threat if not maintained regularly.

Adding a simple code snippet to your website is the best way to set up the WP auth cookie for login expirations.

To automatically sign out logged-in users through WordPress auth cookie expiration, add the following auth_cookie_expiration filter hook to the functions.php file of your theme.

 

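/* Login for only 1 hour */
// Priority 9999 runs this callback late, so its value overrides earlier callbacks.
add_filter( 'auth_cookie_expiration', 'keep_me_logged_in_for_1_hour', 9999, 1 );
function keep_me_logged_in_for_1_hour( $expirein ) {
    // Cookie lifetime in seconds: 60 * 60 = 1 hour.
    return 60 * 60;
}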

Why use WP Auth Cookie Expiration

The majority of WordPress cookies expire when a browsing session ends. Out of laziness, however, some users set their browsers to “remember me” while logging in, leaving your website prone to unnecessary security threats.

This code rectifies that by signing out all logged-in users after a set period of inactivity, via the WordPress REST API cookie authentication settings selected by the admin.
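The snippet above gives every account the same one-hour lifetime. As an added example (not code from the original post), the same filter can use the other two arguments WordPress passes, the user ID and the "remember me" flag, to apply a stricter limit to privileged accounts; the function name and the chosen durations are assumptions.

```php
<?php
// Added example; example_auth_cookie_lifetime and the durations below are
// hypothetical choices, not part of the original post.
// Assumed policy: 1 hour for accounts that can manage the site,
// 8 hours for everyone else, at most 1 day when "Remember Me" is ticked.

/**
 * @param int  $length   Lifetime WordPress proposes, in seconds
 *                       (core default: 14 days with "Remember Me", 2 days without).
 * @param int  $user_id  ID of the user who is logging in.
 * @param bool $remember True if "Remember Me" was ticked on the login form.
 * @return int Lifetime in seconds; WordPress adds it to the login time.
 */
function example_auth_cookie_lifetime( $length, $user_id, $remember ) {
    // Privileged accounts get the short lifetime even with "Remember Me".
    if ( user_can( $user_id, 'manage_options' ) ) {
        return HOUR_IN_SECONDS;
    }

    $limit = $remember ? DAY_IN_SECONDS : 8 * HOUR_IN_SECONDS;

    // Only ever shorten the value proposed by core or by another callback.
    return min( (int) $length, $limit );
}

// Accept 3 arguments so the callback receives $user_id and $remember.
add_filter( 'auth_cookie_expiration', 'example_auth_cookie_lifetime', 9999, 3 );
```

Cookies issued before the filter was added keep their original expiry, so the new limits apply from each user's next login.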
