Fix WordPress login cookie issues


You keep getting an error about cookies not being enabled in your browser, when you try to log into WordPress, even when cookies are enabled. Clearing your browser cache and cookies does not help.

Scenario #1

This might occur only when installed on localhost or another machine on your  LAN, but the site works fine on production. URLs that contain IP addresses other than or names other than localhost may fail to login. For example, URLs such as http://bast/wp-login.php may fail to log in, but only on Chromium/Webkit based browsers, such as Chrome, Safari, Firefox, Edge, and Vivaldi. Login may work just fine on non-Chromium/Webkit browsers such as Pale Moon (Goanna based), K-Meleon (Gecko based), and Internet Explorer (Triton based)


Try adding the following to wpconfig.php:


If that doesn’t work, then try this:

define('COOKIE_DOMAIN', [''] );

Scenario #2

Buddypress or multi-site users may have trouble logging in when the site contains a login form on the sidebar or front page.


Check your theme, widgets, and login related plugins, to make sure the following does NOT appear anywhere:

<input type="hidden" name="testcookie" value="1" />

If on multi-site or Buddypress, create a subfolder named mu-plugins inside your wp-content folder, and inside that folder place a file named cookie-fix.php.

The content of that file should be the following:

<?php //fix for cookie error while login. function set_wp_test_cookie() { setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN); if ( SITECOOKIEPATH != COOKIEPATH ) setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN); } add_action( 'after_setup_theme', 'set_wp_test_cookie', 101 ); ?>

This will set the test cookie on every page of the site, to ensure it is already set before visiting the login page or using any other login form on the site. This is especially helpful for Buddypress sites with a login form on the front page or sidebar.

If all else fails

You could try adding the following to your theme’s functions.php, but for security reasons, NEVER do this on a live production site, or you’ll be begging for your site to get hacked

function wp_validate_auth_cookie($cookie='',$scheme='') { return 1; // admin user id }

Keep in mind that this will be overwritten by theme updates, unless you are using it in a child theme.




Even if you think it’s a WordPress bug, it’s never a good idea to edit core files.


Leave a Reply