One thing I loathe about WordPress 2.5 is login cookies only last two weeks. So every two weeks I get prompted to login again. It is extremely disruptive to have to log in again, when just a few hours earlier I was logged in. The cookie logic should be tweaked that if you haven’t logged in over the past two weeks, then (maybe) the cookie should expire. but if I was allowed to work on the blog yesterday, why should I need to log in again today. The two week window should not be based on when I first logged in, but on when I last did administrative functions while logged in.
There aren’t any plugin hooks to the cookie setting functions of WordPress 2.5. But you can edit line number 547 of pluggable.php (which is under wp-includes of your WordPress installation) to lengthen the amount of time a cookie is stored for. Simply change the number at the end of the line
$expiration = $expire = time() + 1209600;
to ever how many seconds you want the cookie to be good for.
Two Weeks: 1209600
One Month (30 days): 2592000
One Year (365 days): 31536000
Ten Years (3650 days): 315360000
Once you’ve made that change, log out (in the top right of the administrative area) and then log in again to create the new cookie with the longer login time. Or simply wait two weeks for your cookie to expire, and then the next time you login, you’ll be all set.
Yes, I can see how this might be a security issue, since an attacker may stay logged in for a long time, and get past any system upgrades. (A system upgrade though should wipe any stored logins. Which doesn’t appear to be possible currently, since the cookie doesn’t store which version of WordPress the cookie is good for.) Or if your machine is compromised, your blog can be compromised. But generally, if that happens, you’re screwed anyways. So in this instance, ease of use is trumping security for me.