How Does WordPress Use Cookies

For many of us, the word “cookie” has come to mean something entirely different from the chocolate chip-filled treats that grandma used to bake in the oven. In the digital age, a “cookie” is simply another word for a small piece of information.

What is a Website Cookie?

A cookie is a package of information that is sent from a web server to your Web browser and then stored on your computer’s hard drive for future reference. This information is typically a text string of data used by websites to remember users. Cookies enable a website to remember details about you such as your name, email address, your preferences for the site, and other personal information. For example, a website that welcomes you back with a custom greeting, “Hello, Joe!” is using cookies to remember that your name is Joe.

Today almost any major website makes use of cookies to store information about its users. Cookies make life especially convenient for the returning user, who may not want to log in again or re-enter information every time they access the site. WordPress is one such website that makes use of cookies to ensure a smooth experience for all returning users.

Why Are Cookies Used?

Most commonly, cookies are used to verify a user’s authentication. Cookies let the website know who is trying to access it, and allow it to decide whether to send the user a page full of sensitive information or ask for credentials first. WordPress makes use of authentication cookies to prevent a user from having to log in multiple times. Your Web browser and WordPress’s web server are in constant communication via cookies to ensure that you are still you as you navigate throughout the site.

Types of Cookies

In general, there are two different types of cookies. Persistent cookies are those that store information about you on your hard drive until a specific expiration date. Session cookies are cookies that store information only until you close your Web browser or you log out of a website. WordPress makes use of the former type.



When you log in to WordPress, two cookies are generated and stored. The first contains your username, the second a double-hashed copy of your password. A hash is basically a scrambler code that requires a key to decode, and prevents any outsiders from viewing your sensitive information. Only your computer and WordPress’s web server can decode the hash, keeping your password information safe from third parties.

How Are Cookies Used with WordPress?

As long as you have these two cookies stored, you will not need to log in to the site again. This enables you to navigate away from WordPress or even close the site and come back later without the need to log in again. These cookies are stored for two weeks until they expire, at which point the user will need to re-enter their credentials. Users can opt to alter their cookies so that they remain active for a longer period of time.

In addition, WordPress uses a few settings cookies, which remember basic information about how you prefer to view and use the site. These cookies help retain your preferences for the interface.

WordPress also uses cookies for commenters on your blog. This is so they will not have to re-enter any information if they choose to leave more than one comment.

All cookies are sent with a built-in expiration date, and in the case of WordPress this expiration date is two weeks after the cookie has been generated. This is so sensitive or changing information does not linger, and it is an additional security measure. Once a cookie expires, it becomes inactive and a new cookie must be generated. When this happens on WordPress, the user will be asked to log in again and a new set of cookies will be delivered.
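To see the session/persistent distinction and the two-week expiry on a real site, you can audit the Set-Cookie headers a login response returns. The script below is an added example, not code from WordPress or from this article: the cookie names, the sample headers and the Secure/HttpOnly checks are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

TWO_WEEKS = 14 * 24 * 3600  # lifetime the article gives for the login cookies
AUTH_PREFIXES = ("wordpress_logged_in_", "wordpress_sec_")  # assumed login-cookie names

# Constructed Set-Cookie values; HASH and the cookie values are placeholders.
SAMPLE = [
    "wordpress_logged_in_HASH=placeholder; expires=Sat, 15 Jun 2024 12:00:00 GMT; path=/; secure; HttpOnly",
    "wordpress_sec_HASH=placeholder; Max-Age=31536000; path=/wp-admin",
    "wp-settings-1=placeholder; expires=Sun, 01 Jun 2025 12:00:00 GMT; path=/",
    "wordpress_test_cookie=placeholder; path=/",
]

def parse_set_cookie(header):
    """Return (name, attrs) with attribute names lowercased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime_seconds(attrs, now):
    """None means session cookie. Max-Age takes precedence over Expires (RFC 6265)."""
    if attrs.get("max-age", "").lstrip("-").isdigit():
        return int(attrs["max-age"])
    try:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    except (KeyError, TypeError, ValueError):
        return None  # attribute absent or unparseable: handled as a session cookie

def audit(headers, now):
    """Classify each cookie and list hardening gaps on the login cookies."""
    report = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        life = lifetime_seconds(attrs, now)
        issues = []
        if name.startswith(AUTH_PREFIXES):
            issues += [f"missing {flag}" for flag in ("secure", "httponly") if flag not in attrs]
            if life is not None and life > TWO_WEEKS:
                issues.append("lifetime over two weeks")
        report[name] = ("session" if life is None else "persistent", life, issues)
    return report

if __name__ == "__main__":
    for name, row in audit(SAMPLE, datetime(2024, 6, 1, 12, tzinfo=timezone.utc)).items():
        print(name, row)
```

A login cookie that outlives the expected window or lacks Secure or HttpOnly is the finding to follow up on; settings and comment cookies carry preferences rather than credentials, so they are classified but not flagged.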

The Control of the Visitor

A user can also choose to manually delete his or her cookies. This can be done through clearing your Web browser’s cache. If a WordPress user has manually removed their cookies, WordPress will again prompt them to log in, and a new set of cookies containing the user’s name and password will be generated.

Unfortunately, cookies have been at the center of some controversy in recent years. Because of their ability to store personal information and send it over the web, they can be exploited for malicious reasons. As a general rule, WordPress and other major websites make use of first-party cookies. These cookies are only used by the website the user is interacting with, and only contain information specific to that site such as login information and user preferences. However, advertising companies and some nefarious websites make use of third-party cookies, which can be used to monitor a user’s surfing behavior or send sensitive or private information off to a website that the user is not currently interacting with. Tracking cookies are specifically used for the purpose of “watching” what someone does on the web, which naturally raises privacy concerns.

Are Times Changing?

In 2011 the European Union created a law demanding that all web businesses make users aware of and explicitly agree to the use of cookies. This generated a lot of bad press over the use of cookies in general, as many people do not understand the differences between first and third-party cookies or how cookies are used in the basic functions of a major website. WordPress was not immune to this, and several users were concerned that WordPress would no longer work for them after the law went into effect.

Fortunately, WordPress itself does not make use of tracking cookies. However, many users began to audit and better understand their cookie use. WordPress’s creative user base also stepped up and produced several convenient and efficient plugins to make compliance with the new law as painless as possible.
