Search code examples
wordpressauthenticationcookiessession-cookiessetcookie

Why does Wordpress use cookies for /wp-admin and /wp-content/plugins for non-admin users

After login with Firefox to Wordpress website as non admin user, 3 cookies are set:

  1. wordpress_logged_in_...
  2. wordpress_sec_... for path /wp-admin
  3. wordpress_sec_... for path /wp-content/plugins

Why are cookies 2-3 needed for non admin user?

Solution

  • According to answer here:

    All logged in users use resources from wp-admin and plugins, not just admins. The cookies are for keeping track of the logged in user’s authorization to access each resource. If a visitor does not log in, no cookies are set at all by default. Themes or plugins may do so though.