My small doors.

WordPress Plugin: Cookie Timeout

Posted by Moby on May 21st, 2005 at 11:38 am

My wife called me to tell me that people could reach her site’s admin page (specifically her mother), and wanted me to check her site. I told her that she probably forgot to logout, and I was right. The default expiration for the login cookie is one year. I just wrote a small plugin to change that value to something more reasonable.

Version History:

  • 0.60 Compatible with WordPress 2.7. (2008-12-11)
  • 0.50 Compatible with WordPress 2.5. (2008-03-29)
  • 0.42 Fixed another redeclare error and the plugin can now be run from sub-directories. (2008-03-22)
  • 0.40 Added option to ignore the “Remember me” checkbox on the login page. (2006-06-13)
  • 0.36 Added nonce security. (2006-06-03)
  • 0.35 Fixed “Cannot redeclare wp_setcookie()” error when the plugin is activated. (2006-04-10)
  • 0.31 Compatible with WP 2.01. Simply some internal housekeeping on their part. (2006-01-31)
  • 0.30 Compatible with WP 2.0. Now respects the new “Remember me” checkbox on login (2005-12-21)
  • 0.20 Added ability to expire the cookie when the current browser session is closed (2005-06-27)
  • 0.11 Added message for the need to logoff after making changes (2005-05-23)
  • 0.10 Initial version

NOTE: If you want this plugin’s values to work on password protected posts you have to replace the wp-pass.php file in the root of your installation with the following version:

51 Responses to “WordPress Plugin: Cookie Timeout”

  1. XeroCool Says:

    Thanks for the great plugin. Does It work with WP 1.5? I use WP 1.5 and don’t want to upgrade until WP 1.5.2 comes out so…?

    I guess It might work with 1.5. If It doesn’t, ohh well.

  2. Tim Says:

    Hey thanks! Setup was a snap, and if it works like it says it does, then it’s exactly what I was looking for.

  3.   Wordpress Plugin: Cookie Timeout by Blogging Pro Says:

    […] May 30th, 2005 Wordpress Plugin: Cookie Timeout Cookie Timeout allows WordPress users to set the time the admin login cookie […]

  4. WordPress Italy » Blog Archive » Plugin WordPress: Cookie Timeout Says:

    […] « Nuovo tema Plugin WordPress: Cookie Timeout Cookie Timeout permette agli utenti di WordPress di impostare il tempo nel qu […]

  5. Joost Cassee Says:

    It would be even better to expire at the end of a browser session. To make this happen, set the timeout to NULL.

  6. Moby Says:

    Great idea. I’ve added that ability to the plugin.

  7. Andrew Says:

    Brilliant, this is exactly what I want. I can’t believe that the default wordpress installation does not include something like this…

  8. Will Says:

    The plug-in works great, but doesn’t address the cookie written for password protected posts. It has a 10 day default life – a problem if you use public computers. I’ve edited the wp-pass.php file to change line reading “setcookie(‘wp-postpass_’ . COOKIEHASH, $_POST[‘post_password’], NULL /* time() + 864000 */, COOKIEPATH);”, changing 864000 to 0. This clears the password cookie after closing the browser session, but not at logout from WP. Any chance this cookie can be included in your plug-in?

  9. Moby Says:

    Great idea, but I can’t change that from a plugin. However, I did modify the wp-pass.php file to use the plugin’s values. Download

  10. matthieu Says:

    I think that “THIS PLUGIN ROCKS !!” would be the appropriate sentence I will use talking about your idea…


  11. Worlds Revolving Around Me » Auto logout Plugin for WP 1.5.1 or higher Says:

    […] See this site to get the plugin. […]

  12. Sarah and Leo » How the New Look Came Together Says:

    […] Cookie Timeout – Sets the amount of time before the login cookie will expire.  By default, WordPress sets the timeout of the login cookie to one year.  I prefer to have the cookie expire when the browser is closed.  You can do this with this plugin instead of incorporating a code hack into WordPress product itself. […]

  13. Paul Says:

    Thanks for this plugin. I was having the exact same problem that you describe (logged in on my mom’s computer).

    So, when I activated the cookie and changed the timeout, WP told me that I had to log out to make this work properly. How does that work for my mom’s computer–i.e. on a computer that has the old cookie set? Will she have to log out before her cookie expires, or will she be logged out automatically the next time she comes to my WP site?

    I guess what I’m asking is does this change affect previously made cookies by WP, or does it only affect new cookies made after the installation of the plugin?

  14. Moby Says:

    You have to logout on all computers that have the old cookie to get rid of them.

  15. Paul Says:

    Thanks, Moby

    What kills me about the WP cookie is that it doesn’t matter if the password has been changed; the cookie still thinks that the original user has rights to log in. So, if they never log out, there is no way to take away their full-access to the system for OVER A YEAR!

    This seems like it could be a big secuirty issue for somebody who didn’t know enough to log out.

    I guess that is why we should all install, and use, your great plugin from the beginning!

  16. Rocky Says:

    I try to install this plugin in version 1.5.2 and it look like is doesn’t work. Is this version support 1.5.2 or I did something wrong.

  17. Moby Says:

    Yes, it works in 1.5.2. That’s the version I’m using. Are you sure you activated the plugin and did you changed any of the plugin’s options?

  18. mona Says:

    great plugin..
    but it seems not working with my wordpress 1.5

  19. Bob Says:

    Great plugin! a snap to install and use, and works just as expected (I’m on 1.5.2).

    Thanks for your efforts!

  20. heiko Says:

    thanks for the good work… it work´s with 1.5.2!

  21. Daniel Says:

    Thanks for the pluging, works perfectly for me (wp 1.5.2, wpg2).

  22. Antonia Says:

    I installed plugin in plugin folder and activated but when, I try to go to the options page, I get page not found. it’s looking for the php in a different folder. Is there someplace to change this? Am I supposed to copy the file to both places? There’s no Read Me file in the folder.

  23. Moby Says:

    You are using WordPress 1.5.1 or greater, right?

    If so you shouldn’t have to copy the plugin to another place. Can you post the URI that it’s trying to get to?

  24. Antonia Says:

    Yes, I am using 1.5.2. When I click the option it looks for the following:

  25. Nick Says:

    Fantastic …

    Both the Logout and Password Posts are working for me perfectly in IE … but not in Firefox (1.0.7) …

    If I close a browser session and open a new one, I’m still logged in and can still access PW-protected pages …


    Nick :)

  26. Moby Says:


    I use FireFox and it works just fine. Are you running the Session Saver extension in FireFox? That will restore cookies.


    On your General Options page does the WordPress URI = your Blog Address URI?

    Do any of your other plugins with option pages work correctly?

    The link should look like

  27. Antonia Says:


    yes, the two URIs are the same. Other options work correctly except wp-Contact form (which gives me a page not found, and possible one other that I can’t remember now.

    I actually get two different links to the option

    1. The link to the cookietimeout option from the plugin page looks exactly as you have it ( give me this: “Cannot load cookietimeout.php.”

    2. If I go directly to the Option page and click on Cookietimeout, the link is different ( and I get “Page not found.”

  28. Kyle Says:

    I get an error when I try to open the zip file after downloading. Is this plug-in still available? It would be extremely helpful for my site. THANKS!

  29. jstasik Says:

    I am fairly new to WordPress and using it, so I have a question about your plugin. It seems that it will do exactly what I want, however it seems to conflict with the ldap plugin that we are currently using. The error is as follows:
    Fatal error: Cannot redeclare wp_setcookie() (previously declared in /srv/www/htdocs/wp-content/plugins/cookietimeout.php:44) in /srv/www/htdocs/wp-content/plugins/ldap_auth.php on line 277

    The LDAP authentication plugin that we are using is version 1.01 from Patrick Cavit.

    Anyone get them working together?

  30. Moby Says:

    Both plugins modify the function wp_setcookie, so the plugins won’t work together. They would have to be merged into one plugin.

  31. Luis Says:

    As told, it doesn’t work if you have WP 1.5.

    I tried to install ignoring that warning, and happened that I became unable to login, no matter what I tried to do.

    I had to upgrade to WP 2.0 to work on my blog again!

  32. Luis Says:

    Well, I can’t find “logout icon” no more.
    I would like to logout without closing my browser window.
    (I’m also using the Tiger Style Administration plugin).

  33. Adam Says:

    I had to change the code for your wp_pass.php in order to display my password protected posts (same login prompt would keep appearing even after successfully putting in password). I changed:

    setcookie(PASS_COOKIE, …..


    setcookie(‘wp-postpass_’ . COOKIEHASH, ……

    Now it works.

  34. Moby Says:

    Thanks. I’ve updated that file.

  35. Inka Says:

    I copied the file (Version: 0.31) into my plugin folder but when I try to activate it, I get the following error:
    Fatal error: Cannot redeclare wp_setcookie() (previously declared in /home/content/d/r/d/drdetecto/html/wp-includes/pluggable-functions.php:252) in /home/content/d/r/d/drdetecto/html/wp-content/plugins/cookietimeout.php on line 44

    I am using WordPress 2.0.2

    help much appreciated

  36. Moby Says:

    Does it work after you get the error? If not, try refreshing the page with the error still up. Does it work after that?

  37. dglauser Says:

    Heyè Same problem here:
    Fatal error: Cannot redeclare wp_setcookie() (previously declared in /var/www/dglauser/wp-includes/pluggable-functions.php:252) in /var/www/dglauser/wp-content/plugins/cookietimeout.php on line 44, version 2.0.2. Refreshing makes error message disappear, but it seems that the wrong wp_setcookies() is used (not the one of the plugin) afterwards.

  38. Moby Says:

    I’ve fixed the redeclare error.

  39. jangelo Says:

    Hi. I maintain some sites that are still using WP 1.52, and I do believe an older version of your plugin works with that. The plugin doesn’t have the different versions avaiable, though. I hope you can also provide links to the older versions.



  40. Moby Says:

    Added a link to version 0.20 which is compatible with WP 1.52.

  41. Steve Clifton Says:

    Plugin worked beautifully with wp-pass.php on protected posts.
    Many thanks.

  42. Dave Burnett Says:

    Hi, I have read this page a dozen times, repeated all steps, and tried changing numbers. The password protected post always shows after the password is put in. I need it to revert back to “please enter password” after closing the browser window. Maybe I missed something, but I think I’ve tried everything.

  43. girlfiend Says:

    I downloaded the plugin which works beautifully, but I’ve found that the modified file for password protected pages doesn’t work in firefox. I’ve changed the values and it’s fine in IE, but even after logging out and closing the browser I remain logged in to password protected posts in firefox. Any ideas?

  44. Ada celah sekuriti serius di WordPress, upgrade sekarang ke versi 2.1.3! | Aziz Raharjo Says:

    […] setiap kali kita udah kelar bekerja dengan panel WordPress. Saya sendiri sebenarnya memakai plugin Cookie Timeout yang memungkinkan bisa log-out secara otomatis dengan cara menghapus cookie (bukan kue) di browser […]

  45. George Says:

    I am definitely using 0.40 (it has the check supposed to prevent the redeclare error)but I still get the error (with WP 2.3.3,not 2.3.2 as posted above). I’m desperate to get this plugin working. Is there anything I can try?

  46. Moby Says:

    Try this version:

  47. George Says:

    With 0.41 the plugin appears to activate, but when I go to ‘Cookie timeout’ under ‘Options’ I get:

    Not Found

    The requested URL /wp-admin/cookietimeout.php was not found on this server.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

    What shall I try next? Your help so far is much appreciated.

  48. Moby Says:

    Give this one a try:

  49. George Says:

    Works like a dream! You’re a star. Many thanks.

  50. George Says:

    Almost missed the 0.6 version update – 0.5 seemed to be working with WP2.7 as far as I was aware!

    Thanks again for developing and maintaining this invaluable plugin.

  51. kc Says:

    Fantastic! I’ve been looking for this plugin for a long time now! Thank you, thank you, thank you!

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>