How to delete Password Protected posts cookies when a user logged out from the site

The post password cookie is set with:

setcookie( 
    'wp-postpass_' . COOKIEHASH, 
     $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), 
     $expire, 
     COOKIEPATH, 
     COOKIE_DOMAIN, 
     $secure 
);

in the wp-login.php file.

We can then use the clear_auth_cookie hook, in the wp_clear_auth_cookie() function, to clear it on logout:

/**
 * Clear the Post Password Cookie on logout.
 *
 * @link http://wordpress.stackexchange.com/a/198890/26350
 */
add_action( 'clear_auth_cookie', function()
{    
    setcookie(  
       'wp-postpass_' . COOKIEHASH, 
       '', 
       time() - YEAR_IN_SECONDS, 
       COOKIEPATH, 
       COOKIE_DOMAIN 
    );
});

Related Posts:

  1. How to delete Passwrd Protected posts cookies when a user logged out from the site
  2. Security error WP 4.0 + WP phpBB Bridge [closed]
  3. Preventing BFA in WordPress without using a plugin
  4. Specific way to allow WordPress users to view their current password? And edit it?
  5. My WP site and password was hacked, what to do? [closed]
  6. How to resolve these findings from security audit
  7. Stop the user if login from the cookies
  8. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  9. I found this in a plugin. What does it do? is it dangerous?
  10. Disabled plugins are they security holes – rumor or reality?
  11. What could a hacker do with my wp-config.php
  12. How Can I Securely Implement a Password-less Login Feature?
  13. Security and .htaccess
  14. Are there procedures to prevent malicious plugin updates?
  15. Keep one user logged for a year?
  16. How do I email a new page password to somebody every month?
  17. Should we use plugins that aren’t available from the official WordPress site?
  18. Why allow overriding crucial pluggable functions wp_verify_nonce and wp_create_nonce?
  19. Where should my plugin POST to?
  20. Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
  21. login to wordpress with Get variables instead of Post
  22. Detecting $_GET parameters from any page + Cookie
  23. Disabled plugins are security holes – rumor or reality?
  24. Multiple Password Portal Page BEFORE User Account Set Up
  25. Prevent Brute Force Attack
  26. Problem protecting a page with a password
  27. Upgrading WordPress 4.0 asks for FTP password
  28. When is it useful to use wp_verify_nonce
  29. Protecting against malicious code in WordPress plugin updates
  30. Set cookie then immediantly refresh the page
  31. Disable WordPress password reset via mails,instead notify admin about the reset request
  32. How to expire all wordpress user passwords instantly?
  33. Weird problems after recovery from security breach
  34. How can we deal with unmaintained plugins with vulnerabilities?
  35. Security issues with WP sites
  36. Escape when echoed
  37. Should you escape hardcoded URLs?
  38. Do We Need to Validate, Sanitize, or Filter Simple Numerical Superglobals (Cookies and Post)?
  39. How can I make uploaded images in the editor load with HTTPS?
  40. How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
  41. WordPress filter that hook after each action/filter hook
  42. Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
  43. How to save generated JWT token to cookies on login?
  44. How to block plugin activations with no known user or coming from unknown IP address range?
  45. Check for security updates
  46. User Session and Stored Cookies not get removed
  47. Where does the cookie mo_page_views_counter come from?
  48. Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
  49. Why can’t I access my Intranet LDAPS with NADI?
  50. Malicious File Upload [closed]
  51. Stop Plugin Enumeration [closed]
  52. How to handle cookies from a WordPress plugin on a cached page?
  53. Login cookies set as wrong domain
  54. Hack-Proof OR Security in WordPress — is it real?
  55. Security and Must Use Plugins
  56. Basic password protection without using users and roles
  57. Is Timthumb still broken? What security measures should be taken?
  58. Is it safe to use admin-ajax.php in the frontend?
  59. How to protect WordPress from security scanner [closed]
  60. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  61. How to prevent plugins from sniffing/stealing other plugins’ options?
  62. How to deal with Slow HTTP POST (slowloris) vulnerability
  63. Running multiple security plugins
  64. Displaying content based on drop-down menu selection sitewide
  65. Blurry images when loading the page first time
  66. Plugin: connect to external database without showing password
  67. If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
  68. WP Insert Post If user refreshes override new post
  69. 404 errors when updating options in admin dashboard
  70. Website Captcha Error: The reCAPTCHA wasn’t entered correctly
  71. Cookies set by a plugin in wordpress for tracking
  72. WordPress search shows protected content
  73. Can I disable xml-rpc by setting it to false?
  74. Help to Create a Simple Plugin to make a post
  75. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  76. Block Google tracking on refuse consent of the user with plugin
  77. wp_set_password() does not work!
  78. Login/password protected “client page”
  79. WordPress Admin login redirect to homepage
  80. “Fire Secure” menu item
  81. How to make a page both “private” and “password protected”
  82. https rewrite not working for All in one security Brute force > rename login url
  83. Members-only page, but accessible via sharable link
  84. How can I store user preferences in WordPress and retreive them later?
  85. WordPress delete cookie
  86. admin-ajax.php not working properly on subdomains
  87. Redux framework somehow added to my site, can’t locate in plugins
  88. wp_verify_nonce fails always
  89. Validating values using Settings API?
  90. using .htaccess only for wordpress security no plugins
  91. How can I allow for the password protect feature to allow visitors to enter any number at all?
  92. Problem with permissions in wp-content/plugins
  93. WordPress Plugin: Where should I put my cookies for cURL?
  94. ERROR: Cookies are blocked due to unexpected output – no access to FTP
  95. How I can hide my wp folders from Inspect Element (Developer Tools)
  96. How to Find WordPress site has backdoor login Codes
  97. How to rename files during upload to a random string?
  98. Is it a good idea to restrict the REST API
  99. WordPress.Security.NonceVerification.Recommended
  100. Lost Password of my site, how to reset wordpress password?