Cookie Mechanism in Website CMS

WordPress uses cookies (a technology that allows a website server to store a small amount of data on the client's hard drive or in memory, and to read that data back from the client) to verify your identity. WordPress cookies are divided into cookies for logged-in users and cookies for commenters.


A user is a person with a registered account on WordPress. When you log in to WordPress, it stores the following two cookies:

    1. The authentication cookie (SECURE_AUTH_COOKIE or AUTH_COOKIE) is used for authorization verification. For example, after a session ends or no operation is performed for a long time, the authentication cookie becomes invalid and the operator is required to log in again.
    2. The login cookie (LOGGED_IN_COOKIE) is used for login verification. The login cookie only expires when the user logs out or the cookie period exceeds one year.

Real cookies contain hashed data, so you don't have to worry about someone seeing your cookie data and learning your username and password. A hash is the result of a mathematical formula applied to input data (in this case, your username and password). Reversing a hash is nearly impossible with today's computers. This means that cracking the hash and discovering the input data is very difficult.
WordPress uses login cookies to bypass the password entry section of wp-login.php. If WordPress finds that your cookies are valid, you can enter the management interface directly. If you have no cookies, or they have expired or are invalid for other reasons (such as invalidation after manual editing), the system will ask you to log in again to get new cookies. Cookies automatically expire one year after they are created.
Cookies are set and deleted in /wp-includes/pluggable.php. Since WordPress 2.5, the wp_set_auth_cookie() function sets the cookies (the wp_setcookie() function has been deprecated), and the wp_clear_auth_cookie() function (the wp_clearcookie() function has also been deprecated) deletes them from the client browser, which happens when the user clicks logout in the admin interface.
The following functions also use cookies:
auth_redirect() checks whether the client browser has cookies. If not, the system displays the wp-login.php login page. After logging in, the user can access the desired page.
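
The validity checks described above (intact, unexpired, not manually edited) can be seen in a simplified signed cookie. This is an added example, not WordPress's own code: the `user|expiry|mac` layout, the `SECRET_KEY` constant, the function names and the use of a keyed hash (HMAC-SHA256) are assumptions made for illustration.

```php
<?php
// Added illustration of a signed, expiring login cookie (not WordPress code).
// SECRET_KEY is a constructed server-side secret; it never leaves the server.
const SECRET_KEY = 'constructed-demo-key-do-not-reuse';

// Build "username|expiration|mac". The password is never placed in the value.
function make_login_cookie(string $user, int $expires): string
{
    $mac = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    return $user . '|' . $expires . '|' . $mac;
}

// Return the username if the cookie is intact and unexpired, otherwise null.
function validate_login_cookie(string $cookie, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null; // malformed value
    }
    [$user, $expires, $mac] = $parts;
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null; // bad timestamp or expired cookie
    }
    // Recompute the keyed hash over the fields the client sent back.
    $expected = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    // hash_equals() compares in constant time to avoid leaking the MAC.
    return hash_equals($expected, $mac) ? $user : null;
}

$now    = time();
$cookie = make_login_cookie('alice', $now + 3600);

// Case 1: untouched cookie presented before it expires.
var_dump(validate_login_cookie($cookie, $now));

// Case 2: the client edits the username; the MAC no longer matches.
$edited = str_replace('alice', 'admin', $cookie);
var_dump(validate_login_cookie($edited, $now));

// Case 3: the same cookie presented after its expiration time.
var_dump(validate_login_cookie($cookie, $now + 7200));
```

Because the expiration time is covered by the keyed hash, a client cannot extend a cookie's lifetime by editing the timestamp either.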


When visitors visit your blog, cookies are also stored on their computers. This is convenient because the next time a visitor wants to comment on your blog, there is no need to enter all the information again. The system sets three cookies for commenters:

  1. comment_author
  2. comment_author_email
  3. comment_author_url

Also, all data in cookies is hash-protected. When a visitor returns to your blog, WordPress checks whether they have a cookie, and then compares its hash to the data stored in the WordPress database. Commenter cookies expire within one year.
