How To Fix WordPress Keeps Logging Out Problem

WordPress uses a browser cookie to authenticate your login session. The cookie is tied to the WordPress URL stored in your site settings. Several things can cause this process to break:

URL mismatch in settings. If you access your site from a URL that doesn’t match what’s stored in WordPress, for example example.com vs www.example.com, or http vs https, WordPress can’t validate the session cookie and logs you out.

“Remember Me” not checked. By default, WordPress sessions expire after a few hours if you didn’t check “Remember Me” at login. This is the most overlooked cause and the easiest to fix.

Browser cookie issues. If your browser is blocking third-party cookies, using incognito mode, or has recently cleared its cookies, the login session won’t persist. WordPress needs to write a cookie to your browser to keep you logged in.

SSL/HTTPS mismatch. If your site recently moved from HTTP to HTTPS and either the WordPress Address or Site Address in Settings > General still shows the old HTTP URL, the session cookie domain won’t match the URL you’re using to log in.

COOKIE_DOMAIN define conflict. Some older or custom wp-config.php files include a define('COOKIE_DOMAIN', ...) line that specifies exactly which domain cookies are allowed to be set for. If that value doesn’t match the domain you’re logging in from, including whether it starts with www, WordPress will reject the session cookie and log you out immediately after login. Search your wp-config.php for COOKIE_DOMAIN and remove or correct it.

Server-side session files are full or corrupted. On some shared hosting setups, WordPress stores login tokens in server-side session files. If the directory where PHP writes session data fills up or is cleared by the host, your session is destroyed even though your browser still holds the cookie. This tends to appear as intermittent logouts rather than immediate ones.

Work through these fixes in order. The first two resolve the issue for most users without needing to edit any files.

Fix 1: Check “Remember Me” at Login

When you log in to WordPress, make sure the Remember Me checkbox is ticked. Without it, your session expires after 2 days (or sooner, depending on your configuration). With it, the session lasts up to 14 days. This single step solves the problem for many users.

Fix 2: Clear Browser Cookies and Log In Again

A corrupted or blocked session cookie can cause a persistent logout loop. Go to your browser settings and clear cookies for your WordPress domain, then log in again with “Remember Me” checked. If you’re using incognito mode, switch to a regular window since incognito doesn’t retain cookies between sessions.

Fix 3: Fix the URL Mismatch in WordPress Settings

Log in to your WordPress dashboard and go to Settings > General. Check both the WordPress Address (URL) and Site Address (URL) fields. They must match exactly, including whether you use www and whether you use http or https.

If you can’t log in at all, open your wp-config.php file via FTP and add these two lines above the line that reads /* That's all, stop editing! Happy blogging. */:

define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');

If your site uses www, use:

define('WP_HOME','http://www.example.com');
define('WP_SITEURL','http://www.example.com');

Replace example.com with your actual domain. Save and re-upload the file if editing locally.

Note: if fixing the URL causes a redirect loop, see the guide on fixing the too many redirects error in WordPress.

Fix 4: Extend the Session Timeout

If you want to stay logged in for longer even without “Remember Me,” add this line to your wp-config.php:

define('AUTH_COOKIE_EXPIRATION', 2592000); // 30 days in seconds

Place it above the /* That's all, stop editing! */ line. Adjust the number of seconds to suit your preference (86400 = 1 day, 604800 = 7 days).

Fix 5: Check Your Security Plugin Settings

If you have a security plugin installed, check its login and session settings. Look for options like “session timeout,” “idle logout,” or “force logout after X minutes” and either extend the time limit or disable the feature if it’s causing the problem.

Fix 6: Remove or Correct the COOKIE_DOMAIN Define

Search your wp-config.php file for the text COOKIE_DOMAIN. If you find a line like this:

define('COOKIE_DOMAIN', 'example.com');

Check that the value matches the domain you use to log in, including the www prefix if applicable. A mismatch between example.com and www.example.com will cause WordPress to fail to set the session cookie entirely. If you’re not sure of the correct value, the safest fix is to comment out or remove the line , WordPress will fall back to its default cookie domain behavior.

Fix 7: Clear Server-Side Session Files (Advanced)

On some shared hosting setups, PHP writes login session data to a folder on the server (usually /tmp or a path specified in php.ini under session.save_path). If that folder is full, has permission issues, or gets cleared automatically by the host, your session disappears on the server side even though your browser still holds the cookie.

Contact your hosting provider and ask whether they have session file management settings that might be clearing sessions more aggressively than expected. Alternatively, you can switch WordPress to storing sessions in the database by installing a plugin that uses database-backed authentication tokens.