Biscotti is a plugin that modifies the expiration of the logged in user cookie in WordPress. Choose from the default WordPress expiration (14 days), three months (90 days), six months (180 days), or one year (365 days). Because some people hate to have to keep entering their passwords.

Features

Per-user cookie expiration settings
Four expiration options: default, 3 months, 6 months, 1 year
WP-CLI support for managing settings programmatically
Fully translatable with i18n support
Secure implementation with CSRF protection
Clean uninstall that removes all plugin data

Security

Version 3.0.0 includes critical security improvements:
* CSRF protection with nonce verification
* Input validation with whitelist checking
* Strict type comparisons throughout
* Modern PHP 8.0+ type hints

Requirements

WordPress 6.0 or higher
PHP 8.0 or higher

WP-CLI Commands

As of version 2.1.0, Biscotti includes WP-CLI commands for managing a user’s logged in session cookie expiration.

Get a user’s cookie expiration

wp biscotti get <user_id>

Retrieves the current cookie expiration setting for a user.

Example:
wp biscotti get 123

Set a user’s cookie expiration

wp biscotti set <user_id> <expiration>

Sets the logged in session cookie expiration for a user.

Parameters:
* <user_id> — The ID of the user
* <expiration> — One of: default, 3 months, 6 months, 1 year

Examples:
* Set to 1 year: wp biscotti set 123 '1 year'
* Reset to default: wp biscotti set 123 default