[wp-trac] [WordPress Trac] #52639: Add proper Security Attributes to the Cookies set by WordPress

WordPress Trac noreply at wordpress.org
Tue Aug 20 11:16:27 UTC 2024


#52639: Add proper Security Attributes to the Cookies set by WordPress
-------------------------------+-------------------------------
 Reporter:  isaumya            |       Owner:  (none)
     Type:  enhancement        |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Security           |     Version:
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:  coding-standards
-------------------------------+-------------------------------

Comment (by andyhirdjt):

 Hi there. Similar to previous comments our wordpress based website have
 had pentests run against them and the testers have raised issues around WP
 cookie security.

 Looking at one of our websites they recommend that the HttpOnly flag is
 set for the wordpress_test_cookie and other WP cookies where possible.

 Additionally the SameSite=Strict should be set on that and admin related
 cookies.

 Thanks!

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52639#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list