SameSite Cookies
This plugin adds the “SameSite” cookie flag to WordPress’s authentication cookies. On supported browsers (all current IE, Edge, Chrome, and Firefox), this can effectively prevent all Cross-Site Request Forgery attacks throughout your WordPress site.
SameSite cookie flag support was added to PHP on version 7.3, but this plugin ships with a workaround to support all PHP versions WordPress supports.
There is no administrative UI provided: Activate this plugin and you are all set!
You can configure the SameSite flag value from your WordPress configuration file. You cna pick a value from Lax (default), Strict, or None. You can read about SameSite cookies here.
To configure the SameSite flag value, edit your WordPress configuration file (wp-config.php), and add the following lines right above /** Sets up WordPress vars and included files. */.
`php
define( ‘WP_SAMESITE_COOKIE’, ‘Lax’ ); // Pick from ‘Lax’, ‘Strict’, or ‘None’.
`
Note that only the authentication cookies are affected. Regular cookies that your installed plugins set will not be affected, nor provide any meaningful value with SameSite flags.
Download & install the zip archive
The plugin package installer can be downloaded from the WP2E project tab called “code”.
1 – Select the version to download if this option is available otherwise the “latest” version of the main plugin will be used.
2 – After downloading the zip archive install the plugin package installer in you local environment and activate the script from the plugin list.
3 – Under the section “Plugins” of the admin dashboard you should see a new “Dependencies & Licenses” link. Follow the instructions from this panel to finalize the installation of the missing dependencies.
-
- Give a name to your project
-
- Download the Installer Package
-
- Install & activate the plugin locally
-
- Install the suggested dependencies
Tips: Use the WP2E panel to add/suggest new dependencies to the local installation. Press F5 in the list of dependencies if the changes are not displayed right away.