How to block the user if login from the cookies

  • I am getting one security issue on my website. I am sharing the steps below
    1. I have installed the cookies editor extension in my Chrome browser
    2. Then I logged in to my WordPress website
    3. Clicked on the cookies editor icon and there is an export option->Export as JSON

    4. Then I Logout the admin panel
    5. Clear all the cache and cookies.
    6. Open the cookies editor again and import the JSON which I got while exporting and click on import


    Then I refresh the page, I can see that I am logged in to the admin panel without login details.


    Any idea how to solve this issue?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    Cookies are what allow you to stay logged in. If you disabled the ability to use cookies, you’d need to re-login for every admin request (there can be dozens for any single admin screen).

    Eventually your stored JSON cookie information will expire and become useless. I don’t see any security risk here, unless you share your own JSON cookie data. It’s no different than sharing your login usernamme and password. Why would you do that?

    Thread Starter Hybreeder

    (@hybreeder)

    Thank you so much for the update. Let me discuss this internally and get back to you

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to block the user if login from the cookies’ is closed to new replies.