How To Set Cookies to Zero Days for a WordPress Blog

Uncomfortable with having your WordPress blog keep subscribers and editors signed in even after closing their browsers?

Here’s how to delete cookies from your WordPress blog. You’ll have to modify a file in the root directory of your WP installation.

Look for the file called wp-pass.php – it should contain php code like so:

require( dirname(__FILE__) . '/wp-config.php');


if ( get_magic_quotes_gpc() )
$_POST['post_password'] = stripslashes($_POST['post_password']);


// 10 days
setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);


wp_safe_redirect(wp_get_referer());

See that line that starts with setcookie?

All you have to do is change “864000” to “0” and the cookie drops from 864,000 seconds to zero seconds. So, the setcookie line should look like this:

setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 0, COOKIEPATH);

When the user closes their browser, the session is complete and the cookie is dropped. Users will have to log in again the next time they visit your blog.

5 thoughts on “How To Set Cookies to Zero Days for a WordPress Blog”

  1. Is there anything else I’m suppose to do? I followed your instructions exactly and still keeps the user logged in.

  2. Hi Richard,
    I’m not sure. What browser are you using? And is it keeping your passwords for you?

  3. How do you deal with the fact that your changes to wp-pass.php will get overwritten next time you upgrade WordPress?

  4. Hey Will,

    I keep the cookies set to the default 10 days mainly because I’m lazy and don’t want to sign in every time I visit one of my blogs :). The change is very simple to drop the cookies to zero days, so I guess you’d just have to remember to change it with each upgrade of WP.

    Good luck and keep bloggin’!

Leave a Reply

Your email address will not be published. Required fields are marked *