Title: WordPress Session Time
Author: WordPress VIP Documentation
Published: August 20, 2025
Last modified: February 26, 2026

---

 1. [Security Controls](https://docs.wpvip.com/security-controls/)
 2. [WordPress Security Controls](https://docs.wpvip.com/security-controls/wordpress/)
 3. WordPress Session Time

#  WordPress Session Time

By default, a user that logs in to a WordPress site only stays logged in for 48 
hours. The duration of logged-in session time increases to 14 days if the user toggles
the option labeled “Remember Me” when entering their login credentials to the login
portal.

The WordPress Session Time module of [the **WordPress Security Controls** panel](https://docs.wpvip.com/security-controls/wordpress/)
allows a custom number of days (between 1 and 14) for users on the environment to
stay logged in. Lowering the number of days that users stay logged in reduces the
likelihood for a bad actor to access a site’s WordPress Admin dashboard with valid
credentials.

## Limitations

 * Settings are per-environment. For WordPress multisite environments, different
   settings cannot be applied per-network site.
 * **WordPress Security Controls** [utilizes a specific set of filters](https://github.com/Automattic/vip-security-boost/).
   If these filters are removed in custom application code, the feature will not
   work as expected.

## Access

**Prerequisite**

To access and manage settings for WordPress Session Time in the **WordPress Security
Controls** panel, a user must have an [App write role](https://docs.wpvip.com/manage-user-access/vip-dashboard/app-role/)
for an application or an [Org admin role](https://docs.wpvip.com/manage-user-access/vip-dashboard/org-roles/).

To access settings for WordPress Session Time in the **WordPress Security Controls**
panel in the VIP Dashboard:

 1. Navigate to the VIP Dashboard for an application.
 2. Select an environment from the dropdown located at the upper left of the dashboard.
 3. Select “**Security Controls**” from the sidebar navigation at the left of the screen.
 4. Select “**WordPress**” from the navigation submenu.
 5. Select the accordion module titled “**WordPress Session Time**“.

## Configure

**Note**

If an application has custom code that sets a specific amount of time for WordPress
sessions, select the “**Default**” option in WordPress Security Controls to continue
allowing the custom code to take precedence.

In the WordPress Session Time module of **WordPress Security Controls**, configure
the number of days which users can remain logged in to a site.

 1. Select one of the options listed below the label “**Session Time**“:
 2.  * **Elevated Security:** 7 days
     * **Default:** 14 days
     * **Customize:** Configure the duration of time for users to stay logged in to
       be between 1 and 13 days. To configure the number of days either:
        - Select the slider component and move the handle to the left to lower the 
          integer value. Move the handle to the right to increase the integer value.
        - Enter an integer value between 1 and 13 in the slider input text field.
 3. If configuring the WordPress Session Time module for a production environment, 
    optionally toggle the box labeled “**Apply these settings to all environments in
    this application**” to apply the configured number of days to all of the application’s
    environments.
 4. Select the button labeled “**Save Changes**” to apply the updated setting to the
    environment.

![](https://docs.wpvip.com/wp-content/uploads/sites/2/2025/08/WP-Session-Time-Customize.
png)

Example screenshot of the “WordPress Session Time” slider and input field

Last updated: February 26, 2026