How to Extend the Auto Logout Period in WordPress

The default WordPress behavior for logging a user out is to make a login session cookie that expires in 48 hours or when the browser is closed. If the “Remember Me” box is checked, WordPress will give you 14 days before forcing you to authenticate again.

But what if you don’t want to be bothered to remember your passwords or take the time to look them up? When working with multiple WordPress sites, keeping track of all of your highly complex/tricky admin passwords and remembering them on command every two weeks can become a challenge.

Here’s a useful bit of code for increasing the time that cookies are kept, so that users can remain logged in longer. It was originally posted by Alex (Viper007Bond) on the WordPress StackExchange in response to a user’s question.

Stop WordPress from logging you out:

Add this to your theme’s functions.php file:

1
2
3
4
5
add_filter( 'auth_cookie_expiration', 'keep_me_logged_in_for_1_year' );

function keep_me_logged_in_for_1_year( $expirein ) {
    return 31556926; // 1 year in seconds
}

Change it to whatever time frame you like. You can, in essence, stop WordPress from ever logging you out by changing the number of seconds to be a much higher number.

I don’t feel comfortable editing files. Is there a plugin for this?

Yes, there’s one for nearly anything. ;) If you prefer the ease of a plugin, try Configure Login Timeout. It gives you an admin panel for configuring the values of the normal authentication timemout as well as the “Remember Me” authentication timeout.

The most useful situation for extending the auto logout period would be for local development installations, where you don’t want to have to log in all the time. You might also find it helpful for WordPress sites that you manage alone without any other users. Set the time to whatever you feel comfortable with. Afterall, it’s YOUR WordPress site!

Comments (7)

  1. Great tip. I cant believe I did not know this one. I hate having to keep logging in when working on my localhost. However, I did add my code in a conditional check to see if it was only if on my “localhost” before adding the filter.

    I worry about using this live because a client might use a public computer(even though I advise against) and never be logged out.

Participate