WordPress uses the login wordpress_{hash} cookie to store authentication details. Its use is limited to the Administration Screen area, /wp-admin/
Yes
wordpress_logged_in_{hash}
Session
Remember User session. WordPress sets the after login wordpress_logged_in_{hash} cookie, which indicates when you’re logged in, and who you are, for most interface use.
Yes
wordpres_test_cookie
Session
Test if cookie can be set. WordPress also sets wordpress_test_cookie cookie to check if the cookies are enabled on the browser to provide appropriate user experience to the users. This cookie is used on the front-end, even if you are not logged in.
No
wp-settings-{user_id}
1 year
Customization cookie. Used to persist a user’s wp-admin configuration. The ID is the user’s ID. This is used to customize the view of admin interface, and possibly also the main site interface.
Yes
wp-settings-time-{user}
1 year
Time at which wp-settings-{user} was set
Yes
wp-saving-post
1 day
Auto-saving cookie: wp-saving-post is a WordPress cookie created when auto-saving a post in the editor. Used to track if there is saved post exists for a post currently being edited. If exists then let user restore the data.
Yes
wp-postpass_{hash}
10 days
Used to maintain session if a post is password protected
No
wordpress_sec
There is not yet any general information about this cookie based on its name only.
Yes
Note: {hash} represents the value that is obtained by applying a specific mathematical formula applied to the username and password. It is to ensure that the input values are safe, and no one can access these data using the cookies as it is difficult to ‘unhash’ the hashed data.
