Custom COOKIEHASH: strengthen WordPress cookie isolation with one click
Introduction
In WordPress, certain security and identification elements are based on constants defined in wp-config.php. These include COOKIEHASH, a value used in the construction of the site's cookie names.
We have developed the Custom COOKIEHASH module of WPMasterToolKit to simplify a setting that is rarely dealt with by users, but is nevertheless useful in certain contexts: migration, site cloning, staging environments, or simply the need to have a clean, random cookie fingerprint. The objective is simple: automatically generate a COOKIEHASH value and inject it into wp-config.php without manual handling.
What is the purpose of the Custom COOKIEHASH module?
By default, WordPress generates a hash used to name certain cookies. In most cases, this works fine without any intervention. But there are situations where it may be worthwhile to force a specific, unique value for COOKIEHASH.
The Custom COOKIEHASH module does just that. When activated, it:
- generates a robust random value;
- adds or replaces the constant COOKIEHASH in wp-config.php;
- allows you to customize the footprint used for WordPress cookies.
When deactivated, the module:
- deletes the constant COOKIEHASH from wp-config.php;
- lets WordPress revert to its native behavior.
Why customize COOKIEHASH in WordPress?
This module is designed above all to deal with concrete cases of advanced administration.
Avoiding conflicts after cloning or migration
When a WordPress site is duplicated, migrated or used in pre-production, the environment can retain cookie-related behaviors from the original site. Setting a random COOKIEHASH forces a clearer separation between cookies from different instances.
This is particularly useful for:
- a site cloned from production to a test environment;
- a ;
- several technically similar WordPress instances.
A clean start for cookies
Modifying COOKIEHASH changes the WordPress cookie names. This can be useful to avoid reusing old cookies that have become inconsistent after major changes to the site.
In some cases, this helps resolve strange behaviors related to authentication or persistent sessions.
Better control over WordPress configuration
Some administrators prefer to keep control of the important constants in wp-config.php rather than letting WordPress deduce everything automatically. This module is part of that logic: it offers simple control over a technical constant without having to edit files by hand.
How does this module work?
The module's operation is deliberately minimalist.
On activation
When you activate the module, WPMasterToolKit:
- loads its wp-config.php file management class;
- generates a random string;
- saves this value as the constant COOKIEHASH.
The value generated is based primarily on:
- random_bytes(64) to produce cryptographically secure random bytes;
- then hash('sha256', ...) to obtain a stable string in hash format.
If this method fails, the module uses a fallback solution with wp_generate_password(64, true, true).
In other words, the module always seeks to produce a value that is strong, random and long enough.
On deactivation
When you deactivate the module, WPMasterToolKit simply removes the constant COOKIEHASH from wp-config.php.
The site then reverts to standard WordPress logic, with no forced values.
How to use the Custom COOKIEHASH module
It's very easy to use:
- activate the Custom COOKIEHASH module in WPMasterToolKit;
- the plugin automatically adds the constant to wp-config.php;
- WordPress then uses this new value for its cookies.
No additional configuration is required.
Just bear in mind that changing COOKIEHASH may invalidate existing cookies. In practice, this can disconnect currently logged-in users, which is generally normal after this type of modification.
Our technical choices for this module
We've deliberately designed this module to be very specific.
An action only at the moment of activation
The module does not execute continuous logic. It intervenes only:
- when the module is activated;
- when deactivated.
This avoids needlessly loading code on every request and is in line with the WPMasterToolKit philosophy: an activated module = a module loaded only when needed.
A clean modification of wp-config.php
Instead of asking the user to edit wp-config.php manually, the module relies on the internal class WPMastertoolkit_WP_Config.
This class allows you to:
- add or replace the constant COOKIEHASH via replace_or_add_constant();
- delete the constant via remove_constant().
This reduces handling errors and automates a sensitive technical operation.
Robust random generation
The module relies on random_bytes(), which is suitable for generating secure random values. The resulting SHA-256 hash provides a consistent, clean value to be stored in a PHP constant.
And to guarantee compatibility, a back-up solution is provided with wp_generate_password(). This choice allows the module to remain reliable even if the server environment doesn't allow the main method to be used.
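The generation described in "On activation" and above, written out as an added example (not WPMasterToolKit's own code; the example_* function names are hypothetical). It assumes that hashing the fallback password is acceptable, which keeps the constant a 64-character hex string on both paths.

```php
<?php
// Added example; function names are hypothetical, not WPMasterToolKit's.

/**
 * Generate a COOKIEHASH value: SHA-256 over 64 CSPRNG bytes, with the
 * wp_generate_password() fallback the article describes.
 */
function example_generate_cookiehash(): string {
    try {
        // random_bytes() throws when no secure entropy source is available.
        return hash('sha256', random_bytes(64));
    } catch (\Throwable $e) {
        if (!function_exists('wp_generate_password')) {
            throw new \RuntimeException('No random source available', 0, $e);
        }
        // With extra special characters enabled, the password can contain
        // "=", ",", ";" or a space, which setcookie() rejects in cookie
        // names. Hashing it (an addition made by this example) keeps the
        // value hex-only.
        return hash('sha256', wp_generate_password(64, true, true));
    }
}

/** True when $value is safe as a cookie-name suffix and as a quoted PHP literal. */
function example_is_valid_cookiehash(string $value): bool {
    return preg_match('/\A[0-9a-f]{64}\z/', $value) === 1;
}

/** Authentication cookie names WordPress core derives from COOKIEHASH. */
function example_cookie_names(string $hash): array {
    return [
        'AUTH_COOKIE'        => 'wordpress_' . $hash,
        'SECURE_AUTH_COOKIE' => 'wordpress_sec_' . $hash,
        'LOGGED_IN_COOKIE'   => 'wordpress_logged_in_' . $hash,
    ];
}

$hash = example_generate_cookiehash();
if (!example_is_valid_cookiehash($hash)) {
    throw new \UnexpectedValueException('Refusing to use an unsafe COOKIEHASH');
}
foreach (example_cookie_names($hash) as $constant => $name) {
    printf("%-18s %s\n", $constant, $name);
}
```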
Can the module replace a WordPress extension?
In this particular case, it does not really replace a complete plugin. Above all, the module replaces:
- manual modification of the wp-config.php file;
- a custom snippet added to define COOKIEHASH;
- a specific administration routine in a mu-plugin or in-house plugin.
The point here is not to replace a large extension, but to centralize this technical setting in WPMasterToolKit.
Documented custom WordPress hooks
This module contains no custom apply_filters() and no custom do_action().
Its behavior is deliberately straightforward: activate, write the constant, then delete on deactivation.
Conclusion
The Custom COOKIEHASH module of WPMasterToolKit meets a specific need that is nonetheless useful in many technical scenarios: automatically generating and injecting a random COOKIEHASH constant in WordPress.
It's a small module, but it brings several advantages: less manual editing, better control of cookie behavior, and clean management when cloning or changing environment.
In the spirit of WPMasterToolKit, it's once again a matter of transforming a technical operation into a simple, fast and centralized action from within WordPress.
FAQ
Does the module modify anything other than COOKIEHASH?
No. It adds/replaces COOKIEHASH on activation and removes it on deactivation.
What happens if random_bytes fails?
The module uses a secure fallback based on wp_generate_password.
Is there a risk of breaking wp-config.php?
Risk is greatly reduced thanks to the internal mechanism: backup, atomic writing, validation and auto-restore in the event of a problem.
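The backup, validation, atomic write and auto-restore sequence mentioned here and in "A clean modification of wp-config.php", as an added example (not the WPMastertoolkit_WP_Config class; example_set_cookiehash() and its parameters are hypothetical). It assumes a wp-config.php that still contains the standard "That's all, stop editing!" marker and a backup path outside the web root.

```php
<?php
// Added example; hypothetical helper, not the WPMastertoolkit_WP_Config class.
// $backup should live outside the web root: a wp-config copy holds DB credentials.
function example_set_cookiehash(string $path, string $value, string $backup): void {
    if (preg_match('/\A[0-9a-f]{64}\z/', $value) !== 1) {
        throw new InvalidArgumentException('COOKIEHASH must be 64 hex characters');
    }
    $src = file_get_contents($path);
    if ($src === false) {
        throw new RuntimeException("Cannot read $path");
    }
    $define  = "define( 'COOKIEHASH', '$value' );";
    $pattern = '/^[ \t]*define\(\s*[\'"]COOKIEHASH[\'"]\s*,.*?\);/m';
    if (preg_match($pattern, $src) === 1) {
        $new = preg_replace($pattern, $define, $src, 1);   // replace existing
    } else {
        // Add it before the marker, so it is set before wp-settings.php loads.
        $pos = strpos($src, "/* That's all, stop editing!");
        if ($pos === false) {
            throw new RuntimeException('Insertion marker not found');
        }
        $new = substr($src, 0, $pos) . $define . "\n\n" . substr($src, $pos);
    }
    if (!is_string($new)) {
        throw new RuntimeException('Rewrite failed; nothing was changed');
    }
    // Validation: throws ParseError if the result is no longer valid PHP.
    token_get_all($new, TOKEN_PARSE);

    if (!copy($path, $backup) || !chmod($backup, 0600)) {
        throw new RuntimeException('Backup failed; nothing was changed');
    }
    // Temp file beside the target: rename() is then atomic on POSIX filesystems.
    $tmp = tempnam(dirname($path), 'wpcfg');
    if ($tmp === false || file_put_contents($tmp, $new) !== strlen($new)) {
        throw new RuntimeException('Temporary write failed; nothing was changed');
    }
    chmod($tmp, fileperms($path) & 0777);
    if (!rename($tmp, $path)) {
        unlink($tmp);
        throw new RuntimeException('Replace failed; original left in place');
    }
    clearstatcache(true, $path);
    if (file_get_contents($path) !== $new) {
        copy($backup, $path);   // auto-restore from the backup
        throw new RuntimeException('Verification failed; backup restored');
    }
}
```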