WordPress: Forcing all cookies to be secure

WordPress: Forcing all cookies to be secure

Posted by on May 29, 2014 in WordPress | 0 comments

If logging in over SSL in WordPress two cookies are set, one secure one and one not. If you need to ensure both are secure, you will need to do some WordPress core editing. Perhaps there is a better way of doing this, but I have not yet found it

Open up wp-includes/pluggable.php and scroll down to line 650 or so:

change the $secure_logged_in_cookie to $secure on both lines:

And now both cookies will be marked secure

Post a Reply

Your email address will not be published. Required fields are marked *