Skip to content

Share Login Cookies between WordPress Subdomains

I wrote a post early last month that walked you through how to share login cookies between two WordPress installations. In this post I’m going to take it a step further and break down the code to make sure it can be easily understood and used. The first WordPress install is actually exactly identical, so lets take a look at the wp-config.php file from the initial install as we’ll need some information from here to start the next step.

<?php
/**
 * The base configurations of the WordPress.
 *
 * This file has the following configurations: MySQL settings, Table Prefix,
 * Secret Keys, and ABSPATH. You can find more information by visiting
 * {@link http://codex.wordpress.org/Editing_wp-config.php Editing wp-config.php}
 * Codex page. You can get the MySQL settings from your web host.
 *
 * This file is used by the wp-config.php creation script during the
 * installation. You don't have to use the web site, you can just copy this file
 * to "wp-config.php" and fill in the values.
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name');

/** MySQL database username */
define('DB_USER', 'database_username');

/** MySQL database password */
define('DB_PASSWORD', 'database_password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'XTq(A$}i4EvpOc!+}(nG;Yh0&-]IN-py+5d)+C?PqZ(ivgSZC_Z?[KJ)4c}Y$Y^#');
define('SECURE_AUTH_KEY',  'G<?e~n-jsE({2f6:V$(C7)4Ey2XBiC=LEs^^{tor=,KCI4bUxfH#ta(,9B5B/ue%');
define('LOGGED_IN_KEY',    '4ovK<g*e/;:-:SR^-d77)g1xOtatxI*DpV_I|zW<hl[uy%&~.b<lET7FJu[GD[9h');
define('NONCE_KEY',        '#=f}Tu.G,ktS- _//85)q~Qe(+&u+5rI[:Vem4#[`3UiKROZl<FzC>DmzLgZpS$/');
define('AUTH_SALT',        'V-E4_,r^rW|.>w43[[email protected]^iGe]i&!dIIisu+KYRQ^E^BF+n5Z#N.)-:{@H?hT$Wv~5');
define('SECURE_AUTH_SALT', 'p>]:Mu#<cjOol6Q.N=]Sm[#/jc|dgri4++[`2c416|k|HzKZY&^cr|u0g31)&-g-');
define('LOGGED_IN_SALT',   '+RHv+pinC&[&[email protected]#}+ mOH;_!~,f-+R_D2M.!Gc>[email protected]&81|}IpWY}y&|');
define('NONCE_SALT',       '|g%(N{gm2vABg(t47P}^$s-<s[<*OMfz%JmSkb5N=;oC|@cfK?G$VtZ`I8?|=T~c');

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each a unique
 * prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 */
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
  define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

This is a copy of the default wp-config.php file that you may have as your current WordPress installation. The bits of this that we’re going to use for our second installation will be:

  • define(‘DB_NAME’, ‘database_name’);
  • define(‘DB_USER’, ‘database_username’);
  • define(‘DB_PASSWORD’, ‘database_password’);
  • define(‘DB_HOST’, ‘localhost’);
  • $table_prefix = ‘wp_’;

For step two we’ll just make an identical copy of the same wp_config.php file as if you’re hosting it on the same server that your other WordPress site is hosted on, then there is only one thing that needs to change so we can start step 3… the $table_prefix = ‘wp_’; variable. If you’re not hosting on the same server or using a remote database, then you’ll need to set the DB_HOST to the correct setting otherwise when you try to proceed with this installation your WordPress will not be able to connect to the database and your installation will not succeed. You will change the table_prefix to anything other than what’s listed there. If you are only going to have two installs, it’s easy to know which site uses which prefix so you can just use something like

$table_prefix = 'wp2_';

for sites that may be preparing to build many sites then I’d recommend something that will identify your wordpress tables.

$table_prefix = 'subdomain_name_';

From there run through your normal installation. So far this is pretty straight forward and there haven’t been any errors that have popped up. If there are, feel free to contact us and we can help sort out any database troubles you’ve run into. Now that you have two functioning WordPress installs, we’re going to modify the wp-config.php file once more. In both wp-config.php files, one from your initial install and one from your second install, you will add the following line

define('COOKIEHASH', md5('random_string')); /*replace 'random_string' with a 22 character string of numbers, letters, and symbols*/

This line can be added after the define(‘WP_DEBUG’, true); line, before the /* That’s all, stop editing! Happy blogging. */ comment. In your second install, the one where you changed the $table_prefix variable, you’ll also add the following lines. Pay special attention to which wp-config.php file you’re editing for this step. In your initial wp-config.php file:

define('COOKIEPATH', '/');
define('SITECOOKIEPATH','/');

In your second installation (and third, fourth, fifth, etc…) wp-config.php file:

define(CUSTOM_USER_TABLE, 'wp_users');
define(CUSTOM_USER_META_TABLE, 'wp_usermeta');
define('COOKIEPATH','domain.com/'); // Replace with your initial domain name
define('SITECOOKIEPATH','domain.com/'); // Replace with your initial domain name

You may have noticed the comments after the last two line… You will need to replace these with the correct root domain. For example, if you are using domain.com and sub.domain.com then on the sub.domain.com‘s wp-config.php file you’ll place ‘domain.com/‘ where specified. You will also need to correct the ‘wp_users’ and ‘wp_usermeta’ prefixes if you used something other than the default ‘wp_’ database prefix on your initial installation. Now you have two WordPress installations for subdomains sharing the same users table AND their associated login cookies. Here are the completed wp-config.php files. Initial Install:

<?php
/**
 * The base configurations of the WordPress.
 *
 * This file has the following configurations: MySQL settings, Table Prefix,
 * Secret Keys, and ABSPATH. You can find more information by visiting
 * {@link http://codex.wordpress.org/Editing_wp-config.php Editing wp-config.php}
 * Codex page. You can get the MySQL settings from your web host.
 *
 * This file is used by the wp-config.php creation script during the
 * installation. You don't have to use the web site, you can just copy this file
 * to "wp-config.php" and fill in the values.
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name');

/** MySQL database username */
define('DB_USER', 'database_username');

/** MySQL database password */
define('DB_PASSWORD', 'database_password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'XTq(A$}i4EvpOc!+}(nG;Yh0&-]IN-py+5d)+C?PqZ(ivgSZC_Z?[KJ)4c}Y$Y^#');
define('SECURE_AUTH_KEY',  'G<?e~n-jsE({2f6:V$(C7)4Ey2XBiC=LEs^^{tor=,KCI4bUxfH#ta(,9B5B/ue%');
define('LOGGED_IN_KEY',    '4ovK<g*e/;:-:SR^-d77)g1xOtatxI*DpV_I|zW<hl[uy%&~.b<lET7FJu[GD[9h');
define('NONCE_KEY',        '#=f}Tu.G,ktS- _//85)q~Qe(+&u+5rI[:Vem4#[`3UiKROZl<FzC>DmzLgZpS$/');
define('AUTH_SALT',        'V-E4_,r^rW|.>w43[[email protected]^iGe]i&!dIIisu+KYRQ^E^BF+n5Z#N.)-:{@H?hT$Wv~5');
define('SECURE_AUTH_SALT', 'p>]:Mu#<cjOol6Q.N=]Sm[#/jc|dgri4++[`2c416|k|HzKZY&^cr|u0g31)&-g-');
define('LOGGED_IN_SALT',   '+RHv+pinC&[&[email protected]#}+ mOH;_!~,f-+R_D2M.!Gc>[email protected]&81|}IpWY}y&|');
define('NONCE_SALT',       '|g%(N{gm2vABg(t47P}^$s-<s[<*OMfz%JmSkb5N=;oC|@cfK?G$VtZ`I8?|=T~c');
define('SECRET_SALT',      '1x?,z6/El.2!ZQXYoCJup>_c`g6^`-E)Jpk~KSa7O90A5VPb E|p8Dx}Ee$F*9,!');

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each a unique
 * prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 */
define('WP_DEBUG', true);
define('COOKIEPATH', '/');
define('SITECOOKIEPATH','/');
define('COOKIEHASH', md5('1234567890123456789'));

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
  define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

Second Installation for subdomain:

<?php
/**
 * The base configurations of the WordPress.
 *
 * This file has the following configurations: MySQL settings, Table Prefix,
 * Secret Keys, and ABSPATH. You can find more information by visiting
 * {@link http://codex.wordpress.org/Editing_wp-config.php Editing wp-config.php}
 * Codex page. You can get the MySQL settings from your web host.
 *
 * This file is used by the wp-config.php creation script during the
 * installation. You don't have to use the web site, you can just copy this file
 * to "wp-config.php" and fill in the values.
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name');

/** MySQL database username */
define('DB_USER', 'database_username');

/** MySQL database password */
define('DB_PASSWORD', 'database_password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'XTq(A$}i4EvpOc!+}(nG;Yh0&-]IN-py+5d)+C?PqZ(ivgSZC_Z?[KJ)4c}Y$Y^#');
define('SECURE_AUTH_KEY',  'G<?e~n-jsE({2f6:V$(C7)4Ey2XBiC=LEs^^{tor=,KCI4bUxfH#ta(,9B5B/ue%');
define('LOGGED_IN_KEY',    '4ovK<g*e/;:-:SR^-d77)g1xOtatxI*DpV_I|zW<hl[uy%&~.b<lET7FJu[GD[9h');
define('NONCE_KEY',        '#=f}Tu.G,ktS- _//85)q~Qe(+&u+5rI[:Vem4#[`3UiKROZl<FzC>DmzLgZpS$/');
define('AUTH_SALT',        'V-E4_,r^rW|.>w43[[email protected]^iGe]i&!dIIisu+KYRQ^E^BF+n5Z#N.)-:{@H?hT$Wv~5');
define('SECURE_AUTH_SALT', 'p>]:Mu#<cjOol6Q.N=]Sm[#/jc|dgri4++[`2c416|k|HzKZY&^cr|u0g31)&-g-');
define('LOGGED_IN_SALT',   '+RHv+pinC&[&[email protected]#}+ mOH;_!~,f-+R_D2M.!Gc>[email protected]&81|}IpWY}y&|');
define('NONCE_SALT',       '|g%(N{gm2vABg(t47P}^$s-<s[<*OMfz%JmSkb5N=;oC|@cfK?G$VtZ`I8?|=T~c');
define('SECRET_SALT',      '1x?,z6/El.2!ZQXYoCJup>_c`g6^`-E)Jpk~KSa7O90A5VPb E|p8Dx}Ee$F*9,!');

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each a unique
 * prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp2_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 */
define('WP_DEBUG', false);
define(CUSTOM_USER_TABLE, 'wp_users');
define(CUSTOM_USER_META_TABLE, 'wp_usermeta');
define('COOKIEPATH','domain.com/');
define('SITECOOKIEPATH','domain.com/');
define('COOKIEHASH', md5('1234567890123456789'));

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
  define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

This set up is great if you want to have multiple websites that have the same users table. It can also be used to subdirectory installs if your web hosting company isn’t awesome. If you like this post, please share it or sign up for a hosting account.

2 Comments

  1. Vedran on December 6, 2018 at 1:10 pm

    I don’t get this part

    For example if you are using greentiehosting.com and sub.greentiehosting.com then on the sub.greentiehosting.com‘s wp-config.php file you’ll place ‘stoute.co/‘ where specified.

    ??

    • Paul Stoute on December 6, 2018 at 10:54 pm

      Vedran, I’ve updated the article to correct the domains. The article got updated when we switched domains and a search and replace tool swapped some but not all the instances over. Review the updated article, and let me know if this makes more sense.

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.