Sharing Login Cookies Among WordPress Installs

I wanted to have two separate WordPress installs and have both utilize the same user database. I also wanted both sites to share the same login cookies so that they wouldn’t have to login to each site.

I found many examples of sharing the users, but the examples for sharing the cookies/user sessions were not working for me. Most of these examples were a few years old, and were missing a key step which was likely added by WordPress security enhancements (At the time of this post I’m running WordPress 4.7.2).

Be aware that you must edit each install’s wp-config.php file, so please make a backup of each before modifying it! In this example, site A is a top level domain (example.com), and site B is a subdomain (portal.example.com). In this example site B points to site A’s user tables.

Requirements:

  1. Site A’s & Site B’s user tables must be in the same database.
  2. Site A & Site B must share the same top level domain (Subdomains are fine).

Site A’s wp-config.php (example.com):

Insert the following code near the bottom of site A’s wp-config.php file, right before “/* That’s all, stop editing! Happy blogging. */” insert the following:

define( 'COOKIE_DOMAIN', '.example.com' ); //Replace ".example.com" with your top level domain.
define( 'COOKIEHASH', md5( 'https://www.example.com' ) ); //Replace "https://www.example.com" with your site's URL.

Replace the cookie domain string and the cookie hash string with your top level domain. Doing this will allow the cookies to be used in all subdomains/subdirectories. This is the only change to site A’s config.

Site B’s wp-config.php (portal.example.com):

Copy this information from site A to site B (I replaced the strings that were shown in mine with 0s):

define('AUTH_KEY', '0000');
define('SECURE_AUTH_KEY', '0000');
define('LOGGED_IN_KEY', '0000');
define('NONCE_KEY', '0000');
define('AUTH_SALT', '0000');
define('SECURE_AUTH_SALT', '0000');
define('LOGGED_IN_SALT', '0000');
define('NONCE_SALT', '0000');

This was the missing step! If the two wp-config.php files have different values, then the users will need to log in twice… And it actually clears the cookie of the first site you logged into. I haven’t made changes line by line, so I’m not sure if there is one line in particular that would do the trick. It might rely on one value being shared, a few, or all of them. I’m not sure.

Again, near the the bottom of site B’s wp-config.php file, right before “/* That’s all, stop editing! Happy blogging. */” insert the following code:

define( 'COOKIE_DOMAIN', '.example.com' ); //Should be the same as site A.
define( 'COOKIEHASH', md5( 'https://www.example.com' ) ); //Should be the same as site A.

define( 'CUSTOM_USER_TABLE', 'wp_users' ); //Replace this with site A's user database.
define( 'CUSTOM_USER_META_TABLE', 'wp_usermeta' ); //Replace this with site A's user meta database.

Notice that in addition to the cookie, we defined a custom user and user meta table. I won’t go into the details of that here as there are other blogs which you can reference.

Summary

  1. Site A & Site B must share the same cookie settings.
  2. Site A & Site B must share the same salts and keys settings.
  3. One of the sites must point to the other’s user/usermeta database.

I hope that this helps!

Posted in

2 Comments

  1. orlandomacandie on October 27, 2018 at 8:41 pm

    Hello there! I know this is kind of off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having trouble finding one? Thanks a lot!

Leave a Comment





Table of Contents