CSRF-protection for authentication cookies. When enabled, this plugin makes sure the "SameSite" flag is set in authentication cookies.
As of April 2026, SameSite Cookies is a WordPress csrf plugin with 900 active installations and a 2.5/5 rating from 11 reviews. It has been downloaded 23K+ times in total. Requires WordPress 6.2+ and PHP 7.0+. Available on WordPress.org since 2019. Last updated 2 years ago — may have compatibility concerns. Top alternative: Comment Form CSRF Protection.
This plugin adds the “SameSite” cookie flag to WordPress’s authentication cookies. On supported browsers (all current IE, Edge, Chrome, and Firefox), this can effectively prevent all Cross-Site Request Forgery attacks throughout your WordPress site.
SameSite cookie flag support was added to PHP on version 7.3, but this plugin ships with a workaround to support all PHP versions WordPress supports.
There is no administrative UI provided: Activate this plugin, and you are all set!
You can configure the SameSite flag value from your WordPress configuration file. You can pick a value from Lax (default), Strict, or None. You can read about SameSite cookies here.
To configure the SameSite flag value, edit your WordPress configuration file (wp-config.php), and add the following…
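The version-dependent mechanism described above (native SameSite support in setcookie() from PHP 7.3, a hand-built Set-Cookie header on older releases), as an added example that is not the plugin's own code and not the wp-config.php line the text refers to: a hypothetical set_samesite_cookie() helper whose name, parameters and fallback details are assumptions.

```php
<?php
/**
 * Added example (not the plugin's code): set a cookie carrying a SameSite
 * attribute on any PHP version WordPress supports. PHP >= 7.3 accepts an
 * options array in setcookie(); older releases get the attribute written
 * into the Set-Cookie header directly.
 */
function set_samesite_cookie(string $name, string $value, int $expires, string $path,
                             string $domain, bool $secure, bool $httponly,
                             string $samesite = 'Lax'): bool
{
    // Only the three values browsers understand are accepted; anything else falls back to Lax.
    if (!in_array($samesite, ['Lax', 'Strict', 'None'], true)) {
        $samesite = 'Lax';
    }
    // Browsers reject SameSite=None unless the cookie is also marked Secure.
    if ($samesite === 'None') {
        $secure = true;
    }
    if (headers_sent()) {
        return false; // too late to emit a Set-Cookie header
    }

    if (PHP_VERSION_ID >= 70300) {
        return setcookie($name, $value, [
            'expires'  => $expires,
            'path'     => $path,
            'domain'   => $domain,
            'secure'   => $secure,
            'httponly' => $httponly,
            'samesite' => $samesite,
        ]);
    }

    // Pre-7.3 fallback: assemble the header ourselves, mirroring setcookie()'s format.
    $header = $name . '=' . rawurlencode($value);
    if ($expires > 0) {
        $header .= '; Expires=' . gmdate('D, d M Y H:i:s \G\M\T', $expires);
        $header .= '; Max-Age=' . max(0, $expires - time());
    }
    if ($path !== '')   { $header .= '; Path=' . $path; }
    if ($domain !== '') { $header .= '; Domain=' . $domain; }
    if ($secure)        { $header .= '; Secure'; }
    if ($httponly)      { $header .= '; HttpOnly'; }
    $header .= '; SameSite=' . $samesite;
    // Second argument false: append rather than replace other Set-Cookie headers.
    header('Set-Cookie: ' . $header, false);
    return true;
}
```

Call it with the same expiry, path, domain, Secure and HttpOnly values the authentication cookie already uses so that only the SameSite attribute changes.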
| Requirement | Version |
| --- | --- |
| WordPress | 6.2+ required; tested up to 6.3.8 |
| PHP | 7.0+ required |
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.