What are cookies?

Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.

Cookies may be set by the site that you are visiting, known as ‘first-party cookies; or by third parties, such as those who serve content or provide advertising or analytics services on the website, known as ‘third-party cookies’.

See full list of WooCommerce cookies.

Full List of WordPress Cookies

WordPress cookies can be divided into two categories:

  • WordPress Users Cookie – “strictly necessary” cookies as WordPress will not be able to function without it. They are also session cookies as they expire once the user logs out or exits the page.
  • WordPress Commenters Cookie – not “strictly necessary” cookies and are set when users leave a comment on a post. These can also be classified as persistent cookies.

Note: those includes only cookies set by WordPress only – this doesn’t include cookies set by plugins.

List of WordPress Users Cookie

According to WordPress codex “Users are those people who have registered an account with the WordPress site.”

  • wordpress_{hash}
  • wordpress_logged_in_{hash}
  • wordpress_test_cookie
  • wp-settings-{UID}
  • wp-settings-time-{UID}
  • wp-saving-post
  • wp-postpass_{hash}
  • wordpress_sec
WordPress Cookie NameDurationPurposeLogged-in Users Only?
wordpress_{hash}WordPress uses the login wordpress_{hash} cookie to store authentication details. Its use is limited to the Administration Screen area, /wp-admin/Yes
wordpress_logged_in_{hash}SessionRemember User session. WordPress sets the after login wordpress_logged_in_{hash} cookie, which indicates when you’re logged in, and who you are, for most interface use.Yes
wordpres_test_cookieSessionTest if cookie can be set. WordPress also sets wordpress_test_cookie cookie to check if the cookies are enabled on the browser to provide appropriate user experience to the users. This cookie is used on the front-end, even if you are not logged in.No
wp-settings-{user_id}1 yearCustomization cookie. Used to persist a user’s wp-admin configuration. The ID is the user’s ID. This is used to customize the view of admin interface, and possibly also the main site interface.Yes
wp-settings-time-{user}1 yearTime at which wp-settings-{user} was setYes
wp-saving-post1 dayAuto-saving cookie: wp-saving-post is a WordPress cookie created when auto-saving a post in the editor. Used to track if there is saved post exists for a post currently being edited. If exists then let user restore the data.Yes
wp-postpass_{hash}10 daysUsed to maintain session if a post is password protectedNo
wordpress_secThere is not yet any general information about this cookie based on its name only. If you have any information about this cookie, please share in the comments section below.Yes

Note: {hash} represents the value that is obtained by applying a specific mathematical formula applied to the username and password. It is to ensure that the input values are safe, and no one can access these data using the cookies as it is difficult to ‘unhash’ the hashed data.

List of WordPress Commenters Cookies

When visitors comment on your blog, they too get cookies stored on
their computer. This is purely a convenience, so that the visitor won’t
need to re-type all their information again when they want to leave
another comment. Three cookies are set for commenters:

  • comment_author_{HASH}
  • comment_author_email_{HASH}
  • comment_author_url_{HASH}

The commenter cookies are set to expire a little under one year from the time they’re set.

WordPress Cookie NameDurationPurposeLogged-in Users Only?
comment_author_{HASH}347 daysUsed to tracked comment author name, if “Save my name, email, and website in this browser for the next time I comment.” is checkedNo
comment_author_email_{HASH}347 daysUsed to tracked comment author email, if “Save my name, email, and website in this browser for the next time I comment.” is checkedNo
comment_author_url_{HASH}347 daysUsed to track comment author url, if “Save my name, email, and website in this browser for the next time I comment.” checkbox is checkedNo


Leave a Reply