diff --git a/wp-config-development.php b/wp-config-development.php
index fd741062a..d63517171 100644
--- a/wp-config-development.php
+++ b/wp-config-development.php
@@ -18,3 +18,5 @@
 define( 'S3_UPLOADS_REGION', 'us-east-1' );
 
 define( 'GRAPHQL_DEBUG', true );
+
+define( 'COOKIE_DOMAIN', 'the-world-wp.lndo.site' );
diff --git a/wp-config-production.php b/wp-config-production.php
index 7e80d1560..81faf5f60 100644
--- a/wp-config-production.php
+++ b/wp-config-production.php
@@ -23,3 +23,5 @@
 define( 'S3_UPLOADS_BUCKET_URL', 'https://media.pri.org/s3fs-public' );
 
 define( 'WP_MEMORY_LIMIT', '512M' );
+
+define( 'COOKIE_DOMAIN', '.theworld.org' );
diff --git a/wp-content/themes/the-world/functions.php b/wp-content/themes/the-world/functions.php
index 6a099ae43..06c020829 100644
--- a/wp-content/themes/the-world/functions.php
+++ b/wp-content/themes/the-world/functions.php
@@ -114,7 +114,7 @@ function tw_init_set_auth_cookie() {
 			if ( $user && $secret_key && ! isset( $_COOKIE[ $cookie_name ] ) ) {
 				$hostname = wp_parse_url( get_site_url(), PHP_URL_HOST );
 				// NOTE: Regex assumes front-end domains will use single segment TLD's.
-				$domain = trim( preg_replace( '~.*?\.?((?:\.?[\w_-]+){2})$~', '$1', $hostname ), '.' );
+				$domain = defined( 'COOKIE_DOMAIN' ) ? COOKIE_DOMAIN : trim( preg_replace( '~.*?\.?((?:\.?[\w_-]+){2})$~', '$1', $hostname ), '.' );
 				$token  = $auth->get_refresh_token( $user );
 
 				if ( $token && is_string( $token ) ) {