Skip to content

WordPress Session Time

By default, a user that logs in to a WordPress site only stays logged in for 48 hours. The duration of logged-in session time increases to 14 days if the user toggles the option labeled “Remember Me” when entering their login credentials to the login portal.

The WordPress Session Time module of the WordPress Security Controls panel allows a custom number of days (between 1 and 14) for users on the environment to stay logged in. Lowering the number of days that users stay logged in reduces the likelihood for a bad actor to access a site’s WordPress Admin dashboard with valid credentials.

Limitations

  • Settings are per-environment. For WordPress multisite environments, different settings cannot be applied per-network site.
  • If the remove_all_filters() function exists in application code, WordPress Security Controls will not work as expected. 

Access

Prerequisite

To access and manage settings for WordPress Session Time in the WordPress Security Controls panel, a user must have an App write role for an application or an Org admin role.

To access settings for WordPress Session Time in the WordPress Security Controls panel in the VIP Dashboard:

  1. Navigate to the VIP Dashboard for an application.
  2. Select an environment from the dropdown located at the upper left of the dashboard.
  3. Select “Security Controls” from the sidebar navigation at the left of the screen.
  4. Select “WordPress” from the navigation submenu.
  5. Select the accordion module titled “WordPress Session Time“.

Configure

Note

If an application has custom code that sets a specific amount of time for WordPress sessions, select the “Default” option in WordPress Security Controls to continue allowing the custom code to take precedence.

In the WordPress Session Time module of WordPress Security Controls, configure the number of days which users can remain logged in to a site.

  1. Select one of the options listed below the label “Session Time“:
    • Elevated Security: 7 days
    • Default: 14 days
    • Customize: Configure the duration of time for users to stay logged in to be between 1 and 13 days. To configure the number of days either:
      • Select the slider component and move the handle to the left to lower the integer value. Move the handle to the right to increase the integer value.
      • Enter an integer value between 1 and 13 in the slider input text field.
  2. If configuring the WordPress Session Time module for a production environment, optionally toggle the box labeled “Apply these settings to all environments in this application” to apply the configured number of days to all of the application’s environments.
  3. Select the button labeled “Save Changes” to apply the updated setting to the environment.
Example screenshot of the “WordPress Session Time” slider and input field

Last updated: August 20, 2025

Relevant to

  • WordPress