By default, the “Remember Me” checkbox makes you get remembered for 14 days. This is filterable though.
This code will change that value:
add_filter( 'auth_cookie_expiration', 'keep_me_logged_in_for_1_year' );
function keep_me_logged_in_for_1_year( $expirein ) {
return 31556926; // 1 year in seconds
}
Related Posts:
- Does WP show me if I’m logged in from multiple locations?
- Change WP-Login or WP-Admin
- Admin username and password
- I want to disable login of admin (/wp-admin) with email and make it accessible only with username
- How to Change The WordPress Login URL Without Plugin
- 404 redirect wp-login and wp-admin after changing login url [closed]
- Why WordPress not logout after I have close my browser?
- Couple questions about .htaccess, login page, updates
- SSL Error: unable to get local issuer certificate
- When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
- When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
- How to redirect all HTTP requests to HTTPS
- What is the difference between a cer, pvk, and pfx file?
- How to solve “Kernel panic – not syncing – Attempted to kill init” — without erasing any user data
- What’s the best approach for generating a new API key?
- Is it possible to decrypt SHA1
- Simplest two-way encryption using PHP
- Why does the URL http://a/%%30%30 crash Google Chrome?
- what is a auth_user_file.txt?
- When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
- How does the SQL injection from the “Bobby Tables” XKCD comic work?
- Error `sec_error_revoked_certificate` when viewed in Firefox only
- How to view PHP on live site
- Convert .pfx to .cer
- how fix “this certificate cannot be verified up to a trusted certification authority”
- Can an attacker use inspect element harmfully?
- Where does Internet Explorer store saved passwords?
- How can bcrypt have built-in salts?
- wordpress frontend login and wp-admin not working right
- Is moving wp-config outside the web root really beneficial?
- Hide the fact a site is using WordPress?
- Verifying that I have fully removed a WordPress hack?
- Infected Files – what to do [closed]
- Can I rename the wp-admin folder?
- Getting a List of Currently Available Roles on a WordPress Site?
- WordPress 4.7.1 REST API still exposing users
- Can I Prevent Enumeration of Usernames?
- Best way to eliminate xmlrpc.php?
- Is there any way to rename or hide wp-login.php?
- Increase of failed login attempts, brute force attacks? [closed]
- If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
- Should I escape wordpress functions like the_title, the_excerpt, the_content
- I found this in a plugin. What does it do? is it dangerous?
- Why should I use the esc_url?
- Should I remove install.php and install-helper.php?
- Prevent access or auto-delete readme.html, license.txt, wp-config-sample.php
- How safe / sanitized is wp_insert_posts()?
- Why does WordPress need my private ssh key to update?
- When to use esc_html and when to use sanitize_text_field?
- From a security standpoint, should bloginfo() or get_bloginfo() be escaped?
- Where to securely store API keys and passwords in WordPress?
- Are Nonces Useless?
- How to Change the Default Home Page for the WordPress Dashboard?
- What is the difference between esc_html filter vs attribute_escape filter?
- Why escape if the_content isnt?
- Securing Admin Accounts – Username Discovery
- Why does WordPress have more than one salt?
- Why are passwords exportable as plain text in WordPress?
- What is the ideal setup to address security concerns?
- Will there be security updates for 3.1 once 3.2 is released?
- How to redirect/rewrite all /wp-login requests
- What’s the difference between esc_* functions?
- Full path disclosure on rss-functions.php
- What to use instead of wp_kses() in user output
- How to set up fail2ban with WordFence?
- How do I technically prove that WordPress is secure?
- Are the default salts secure?
- is_email() VS sanitize_email()
- Unable to login to my wordpress site. reauth=1 redirection loop
- Can someone explain what wp_session_tokens are, and what are they used for?
- WordPress it’s cleaning a custom query_var to avoid sql injections?
- Which KSES should be used and when?
- Can someone explain the use cases of esc_html?
- Is there a way to force ssl on certain pages
- Custom login redirects to wp-admin on wrong password
- How do WordPress Nonces Work?
- Tips for finding SPAM links injected into the_content
- Subscribe to email for security fixes?
- Close a wordpress blog – keep site as it is but prevent hacks
- Is WordPress vulnerable to the httpoxy?
- What is the purpose of having a token in cookies?
- How to escape custom css?
- How to remove “Connection Information” requirement on localhost install of WP on MACOSX
- Understanding SVG vulnerabilities in WordPress related to a specific fix
- What is the best method to close off the backend?
- How is password strength calculated?
- Moving wp-config.php: Can this be done after site launch?
- Change Login URL Without Plugin
- How to secure or disable the RSS feeds?
- How to fake a WordPress login?
- Regular security checks – what steps should be included?
- Limiting sessions to one IP at a time
- Share same domain for wp-admin but for different website
- Custom ReCaptcha Login
- How to allow users login to WP from external domain and make REST requests
- What are the pros and cons of using a custom front-end to retrieve content from a WordPress back-end
- How can I easily verify a core or plugin update has not broken anything?
- Disable comment windows for all existing posts (pages/blogposts)
- Brute force attack?
- WordPress “Site Health Status” trust it or myself for its security advice?