Cookies store session data for logged-in users, cart information, and authentication tokens. If those cookies are not restricted to secure connections, an attacker on an unsecured network can intercept them and gain unauthorized access to your site.
WordPress does not include a built-in option to enforce secure cookies. With the Nexter Extension (Free) plugin, you can enable secure cookies on your WordPress website through the Advanced Security settings.
What is Secure Cookies?
In WordPress, secure cookies are a security feature that ensures cookies are only transmitted over secure, encrypted HTTPS connections. When this option is enabled, the browser will not send authentication cookies over an unencrypted HTTP connection, which prevents session hijacking on mixed-content or unsecured networks.
How to Enable Secure Cookies with the Nexter Extension?
To enable secure cookies with the Nexter Extension, go to Nexter > Extensions > Security from the WordPress Dashboard.
Go to the Advanced Security section, enable the section toggle, and click the gear icon (⚙) to open the settings.
The Advanced Security popup opens. Enable the Secure Cookies toggle and click the Save button.
Your website cookies will now only be transmitted over secure, encrypted HTTPS connections, and each cookie will be scoped to your website only.
For additional security hardening with Nexter Extension, see How to Harden iFrame Security in WordPress to restrict what content third-party iFrames can access on your site. To manage WordPress server load and reduce unnecessary background requests, see How to Manage Heartbeat Control API in WordPress.
